CVE-2023-26271
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126.
via "National Vulnerability Database".
CVE-2023-38027
SpotCam Co., Ltd. SpotCam Sense's hidden Telnet function has an OS command injection vulnerability. A remote unauthenticated attacker can exploit this vulnerability to perform a command injection attack, executing arbitrary system commands or disrupting service.
via "National Vulnerability Database".
CVE-2023-38025
SpotCam Co., Ltd. SpotCam FHD 2's hidden Telnet function has an OS command injection vulnerability. A remote unauthenticated attacker can exploit this vulnerability to perform a command injection attack, executing arbitrary system commands or disrupting service.
via "National Vulnerability Database".
CVE-2023-26272
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.
via "National Vulnerability Database".
CVE-2016-15035
A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.
via "National Vulnerability Database".
CVE-2023-4560
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
via "National Vulnerability Database".
Better SaaS Security Goes Beyond Procurement
The impulse to achieve strong SaaS security adherence through strict gatekeeping during procurement fails to reduce the risk that matters most.
via "Dark Reading".
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research
Report unmasks recent cybersecurity challenges for governments, healthcare, financial services, and vital infrastructure.
via "Dark Reading".
CVE-2023-38030
Saho's attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions.
via "National Vulnerability Database".
CVE-2023-40195
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out in the documentation explicitly, so it is possible that administrators provided authorizations to configure Spark hooks without taking this into account. We recommend administrators to review their configurations to make sure the authorization to configure Spark hooks is only provided to fully trusted users. To view the warning in the docs please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html
via "National Vulnerability Database".
CVE-2023-38028
Saho's attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can't control system or disrupt service.
via "National Vulnerability Database".
CVE-2023-27604
Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via 'sqoop import --connect', obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, and Xie Jianming and LiuHui of Caiji Sec Team also reported it.
via "National Vulnerability Database".
CVE-2023-38029
Saho's attendance devices ADM100 and ADM-100FP have insufficient filtering for special characters and file type within their file uploading function. An unauthenticated remote attacker can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.
via "National Vulnerability Database".
CVE-2023-40751
PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php.
via "National Vulnerability Database".
CVE-2023-40762
User enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
via "National Vulnerability Database".
CVE-2023-40754
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
via "National Vulnerability Database".
CVE-2018-25089
A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2023-40752
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.
via "National Vulnerability Database".
CVE-2023-36481
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.
via "National Vulnerability Database".
CVE-2023-40764
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
via "National Vulnerability Database".
CVE-2023-40757
User enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
via "National Vulnerability Database".