βΌ CVE-2023-21654 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in Audio during playback session with audio effects enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28567 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in WLAN HAL while handling command through WMI interfaces.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28544 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40534 βΌ
π Read
via "National Vulnerability Database".
Memory corruption due to improper validation of array index in Audio.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36492 βΌ
π Read
via "National Vulnerability Database".
Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20897 βΌ
π Read
via "National Vulnerability Database".
Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38569 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20898 βΌ
π Read
via "National Vulnerability Database".
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41763 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.π Read
via "National Vulnerability Database".
π΄ As LotL Attacks Evolve, So Must Defenses π΄
π Read
via "Dark Reading".
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.π Read
via "Dark Reading".
Dark Reading
As LotL Attacks Evolve, So Must Defenses
Because living-off-the-land (LotL) attacks masquerade as frequently used, legitimate companies, they are very difficult to block and detect.
βΌ CVE-2023-32086 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2453 βΌ
π Read
via "National Vulnerability Database".
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a Γ’β¬Λrequire_onceΓ’β¬β’ statement. This allows arbitrary files with the Γ’β¬Λ.phpΓ’β¬β’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a Γ’β¬Λ.phpΓ’β¬β’ file payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4480 βΌ
π Read
via "National Vulnerability Database".
Due to an out-of-date dependency in the Γ’β¬ΕFusion File ManagerΓ’β¬οΏ½ component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the applicationΓ’β¬β’s mime-type and file extension validation.Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-40743 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.π Read
via "National Vulnerability Database".
π΄ How Companies Can Cope With the Risks of Generative AI Tools π΄
π Read
via "Dark Reading".
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.π Read
via "Dark Reading".
Dark Reading
How Companies Can Cope With the Risks of Generative AI Tools
To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.
βΌ CVE-2023-35124 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41108 βΌ
π Read
via "National Vulnerability Database".
TEF portal 2023-07-17 is vulnerable to authenticated remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32615 βΌ
π Read
via "National Vulnerability Database".
A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41107 βΌ
π Read
via "National Vulnerability Database".
TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34998 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can sniff network traffic to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36361 βΌ
π Read
via "National Vulnerability Database".
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.π Read
via "National Vulnerability Database".