‼ CVE-2023-4563 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** This was assigned as a duplicate of CVE-2023-4244.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25588 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25585 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37756 ‼
📖 Read
via "National Vulnerability Database".
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25584 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29499 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-25586 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41159 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32665 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Teams Hacks Are Back, As Storm-0324 Embraces TeamsPhisher 🕴
📖 Read
via "Dark Reading".
Collaboration apps are a boost to business productivity, but also a uniquely attractive target for cyberattackers.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Teams Hacks Are Back, as Storm-0324 Embraces TeamsPhisher
Collaboration apps are a boost to business productivity, but also a uniquely attractive target for cyberattackers.
🕴 Why Identity Management Is the Key to Stopping APT Cyberattacks 🕴
📖 Read
via "Dark Reading".
Dark Reading News Desk: CrowdStrike's Adam Meyers talks China, Iran, Russia, and more in this expert dive into the current APT threat actor landscape.📖 Read
via "Dark Reading".
Dark Reading
Why Identity Management Is the Key to Stopping APT Cyberattacks
Dark Reading News Desk: CrowdStrike's Adam Meyers talks China, Iran, Russia, and more in this expert dive into the current APT threat actor landscape.
‼ CVE-2023-38891 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40869 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40868 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47631 ‼
📖 Read
via "National Vulnerability Database".
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42405 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41592 ‼
📖 Read
via "National Vulnerability Database".
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39638 ‼
📖 Read
via "National Vulnerability Database".
D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-36657 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36658 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32461 ‼
📖 Read
via "National Vulnerability Database".
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. Â 📖 Read
via "National Vulnerability Database".