🦿 TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Research for Download 🦿
📖 Read
via "Tech Republic".
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.📖 Read
via "Tech Republic".
TechRepublic
TechRepublic Premium Editorial Calendar: Policies, Hiring Kits, and Glossaries for Download
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
‼ CVE-2023-3950 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4647 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4378 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25042 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <=Â 2.3.0 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3210 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24674 ‼
📖 Read
via "National Vulnerability Database".
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-24675 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44349 ‼
📖 Read
via "National Vulnerability Database".
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40969 ‼
📖 Read
via "National Vulnerability Database".
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3205 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1555 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40239 ‼
📖 Read
via "National Vulnerability Database".
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25044 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <=Â 4.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1279 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40970 ‼
📖 Read
via "National Vulnerability Database".
Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25488 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <=Â 1.0.1.1 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24412 ‼
📖 Read
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <=Â 1.7.6 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4704 ‼
📖 Read
via "National Vulnerability Database".
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4343 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39685 ‼
📖 Read
via "National Vulnerability Database".
An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.📖 Read
via "National Vulnerability Database".