βΌ CVE-2023-38354 βΌ
π Read
via "National Vulnerability Database".
MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43566 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configurationπ Read
via "National Vulnerability Database".
π΄ MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents π΄
π Read
via "Dark Reading".
MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.π Read
via "Dark Reading".
Dark Reading
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents
MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.
π΄ Trend Micro Patches Zero-Day Endpoint Vulnerability π΄
π Read
via "Dark Reading".
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.π Read
via "Dark Reading".
Dark Reading
Trend Micro Patches Zero-Day Endpoint Vulnerability
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.
π΄ China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign π΄
π Read
via "Dark Reading".
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.π Read
via "Dark Reading".
Dark Reading
China-Linked Actor Taps Linux Backdoor in Forceful Espionage Campaign
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.
βΌ CVE-2023-2995 βΌ
π Read
via "National Vulnerability Database".
The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2023-4376 βΌ
π Read
via "National Vulnerability Database".
The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-25529 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another userΓ’β¬β’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25534 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25527 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4088 βΌ
π Read
via "National Vulnerability Database".
Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute a malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25528 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31008 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25525 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31011 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25526 βΌ
π Read
via "National Vulnerability Database".
NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-31010 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31015 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36319 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25532 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5063 βΌ
π Read
via "National Vulnerability Database".
The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".