‼ CVE-2023-30497 ‼
📖 Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Chuang WP LINE Notify plugin <=Â 1.4.4 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32163 ‼
📖 Read
via "National Vulnerability Database".
Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857.📖 Read
via "National Vulnerability Database".
📢 Why MSPs should focus their attention on data protection services, not backup 📢
📖 Read
via "ITPro".
Accommodating for unique customer needs should be a key focus for channel partners 📖 Read
via "ITPro".
ITPro
Why MSPs should focus their attention on data protection services, not backup
Accommodating for unique customer needs should be a key focus for channel partners
‼ CVE-2023-38568 ‼
📖 Read
via "National Vulnerability Database".
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38563 ‼
📖 Read
via "National Vulnerability Database".
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32619 ‼
📖 Read
via "National Vulnerability Database".
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31188 ‼
📖 Read
via "National Vulnerability Database".
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39935 ‼
📖 Read
via "National Vulnerability Database".
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40531 ‼
📖 Read
via "National Vulnerability Database".
Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38588 ‼
📖 Read
via "National Vulnerability Database".
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40193 ‼
📖 Read
via "National Vulnerability Database".
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37284 ‼
📖 Read
via "National Vulnerability Database".
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40357 ‼
📖 Read
via "National Vulnerability Database".
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39224 ‼
📖 Read
via "National Vulnerability Database".
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36489 ‼
📖 Read
via "National Vulnerability Database".
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.📖 Read
via "National Vulnerability Database".
🕴 Overcoming Open Source Vulnerabilities in the Software Supply Chain 🕴
📖 Read
via "Dark Reading".
By securing access to code and running scans against all code changes, developers can better prevent — and detect — potential risks and vulnerabilities.📖 Read
via "Dark Reading".
Dark Reading
Overcoming Open Source Vulnerabilities in the Software Supply Chain
By securing access to code and running scans against all code changes, developers can better prevent — and detect — potential risks and vulnerabilities.
‼ CVE-2023-41944 ‼
📖 Read
via "National Vulnerability Database".
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27526 ‼
📖 Read
via "National Vulnerability Database".
A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0. 📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41932 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41937 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36388 ‼
📖 Read
via "National Vulnerability Database".
Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.📖 Read
via "National Vulnerability Database".