‼ CVE-2023-4847 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-4851 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4850 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4852 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4864 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4865 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41915 ‼
📖 Read
via "National Vulnerability Database".
OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4878 ‼
📖 Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4879 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42467 ‼
📖 Read
via "National Vulnerability Database".
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.📖 Read
via "National Vulnerability Database".
🦿 Protect Your Data With the MonoDefense Security Suite for $149.99 🦿
📖 Read
via "Tech Republic".
Get VPN, Firewall and SmartDNS protection in one package! Combining five top-rated security apps, the MonoDefense Security Suite offers complete protection — and lifetime subscriptions are now 62% off.📖 Read
via "Tech Republic".
TechRepublic
Protect Your Data With the MonoDefense Security Suite for $130
Get VPN, Firewall, and SmartDNS protection in one package with MonoDefense Security Suite.
‼ CVE-2023-4577 ‼
📖 Read
via "National Vulnerability Database".
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4104 ‼
📖 Read
via "National Vulnerability Database".
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4576 ‼
📖 Read
via "National Vulnerability Database".
On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4575 ‼
📖 Read
via "National Vulnerability Database".
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40039 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4583 ‼
📖 Read
via "National Vulnerability Database".
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35845 ‼
📖 Read
via "National Vulnerability Database".
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4573 ‼
📖 Read
via "National Vulnerability Database".
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4578 ‼
📖 Read
via "National Vulnerability Database".
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4580 ‼
📖 Read
via "National Vulnerability Database".
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".