‼ CVE-2023-41109 ‼
📖 Read
via "National Vulnerability Database".
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35785 ‼
📖 Read
via "National Vulnerability Database".
Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39968 ‼
📖 Read
via "National Vulnerability Database".
jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24165 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39348 ‼
📖 Read
via "National Vulnerability Database".
Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39059 ‼
📖 Read
via "National Vulnerability Database".
An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34725 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40826 ‼
📖 Read
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40827 ‼
📖 Read
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40781 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4569 ‼
📖 Read
via "National Vulnerability Database".
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39650 ‼
📖 Read
via "National Vulnerability Database".
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40857 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34724 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40828 ‼
📖 Read
via "National Vulnerability Database".
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41005 ‼
📖 Read
via "National Vulnerability Database".
An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40998 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40825 ‼
📖 Read
via "National Vulnerability Database".
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40997 ‼
📖 Read
via "National Vulnerability Database".
Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41358 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41359 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.📖 Read
via "National Vulnerability Database".