βΌ CVE-2023-31015 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36319 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25532 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5063 βΌ
π Read
via "National Vulnerability Database".
The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31013 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25531 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25533 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31012 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5062 βΌ
π Read
via "National Vulnerability Database".
The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38886 βΌ
π Read
via "National Vulnerability Database".
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.π Read
via "National Vulnerability Database".
π¦Ώ Secure Equipment Repair Policy and Confidentiality Agreement π¦Ώ
π Read
via "Tech Republic".
Organizations must frequently work with third parties to repair laptops, desktops, tablets, smartphones, servers and other IT equipment. This policy from TechRepublic Premium ensures that the organization maintains regulatory and best business practice security compliance while tracking systems when they are being repaired. From the policy: If IT equipment must be returned to the manufacturer ...π Read
via "Tech Republic".
TechRepublic
Secure Equipment Repair Policy and Confidentiality Agreement
Organizations must frequently work with third parties to repair laptops, desktops, tablets, smartphones, servers and other IT equipment. This policy from
π΄ Companies Rely on Multiple Methods to Secure Generative AI Tools π΄
π Read
via "Dark Reading".
To protect their own and their customers' data, organizations are exploring different approaches to guard against unwanted effects of using AI.π Read
via "Dark Reading".
Dark Reading
Companies Rely on Multiple Methods to Secure Generative AI Tools
To protect their own and their customers' data, organizations are exploring different approaches to guard against the unwanted effects of using AI.
βΌ CVE-2023-43620 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-43618 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41374 βΌ
π Read
via "National Vulnerability Database".
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2163 βΌ
π Read
via "National Vulnerability Database".
Incorrect verifier pruningΓ in BPF in Linux KernelΓ >=5.4Γ leads to unsafecode paths being incorrectly marked as safe, resulting inΓ arbitrary read/write inkernel memory, lateral privilege escalation, and container escape.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47562 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43619 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43616 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43621 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47561 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions.π Read
via "National Vulnerability Database".