‼ CVE-2023-40936 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2023-4636 ‼
via "National Vulnerability Database".
The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
‼ CVE-2022-43903 ‼
via "National Vulnerability Database".
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240894.
‼ CVE-2023-36308 ‼
via "National Vulnerability Database".
** DISPUTED ** disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence.
‼ CVE-2023-29261 ‼
via "National Vulnerability Database".
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. IBM X-Force ID: 252139.
‼ CVE-2023-22870 ‼
via "National Vulnerability Database".
IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 244121.
‼ CVE-2023-32338 ‼
via "National Vulnerability Database".
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
‼ CVE-2023-40937 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2023-35906 ‼
via "National Vulnerability Database".
IBM Aspera Faspex 5.0.5 could allow a remote attacker to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
🦿 Securing Linux Policy 🦿
via "Tech Republic".
Linux is a powerful and customizable operating system that has been the backbone of many businesses for decades. This policy from TechRepublic Premium provides guidelines for securing Linux on company computers and computers used to conduct company business. It assumes administrative knowledge of Linux servers and/or workstation environments. From the policy: DEVELOP TEMPLATES BASED ON ...
‼ CVE-2022-33220 ‼
via "National Vulnerability Database".
Information disclosure in Automotive multimedia due to buffer over-read.
‼ CVE-2023-21662 ‼
via "National Vulnerability Database".
Memory corruption in Core Platform while printing the response buffer in log.
‼ CVE-2023-33019 ‼
via "National Vulnerability Database".
Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE.
‼ CVE-2023-38574 ‼
via "National Vulnerability Database".
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
‼ CVE-2023-28557 ‼
via "National Vulnerability Database".
Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
‼ CVE-2023-28573 ‼
via "National Vulnerability Database".
Memory corruption in WLAN HAL while parsing WMI command parameters.
‼ CVE-2023-33016 ‼
via "National Vulnerability Database".
Transient DOS in WLAN firmware while parsing MLO (multi-link operation).
‼ CVE-2023-21646 ‼
via "National Vulnerability Database".
Transient DOS in Modem while processing invalid System Information Block 1.
‼ CVE-2023-33021 ‼
via "National Vulnerability Database".
Memory corruption in Graphics while processing user packets for command submission.
‼ CVE-2023-33015 ‼
via "National Vulnerability Database".
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon frame.
‼ CVE-2023-21655 ‼
via "National Vulnerability Database".
Memory corruption in Audio while validating and mapping metadata.