CVE-2023-31012
via "National Vulnerability Database".
NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure.
CVE-2023-5062
via "National Vulnerability Database".
The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-38886
via "National Vulnerability Database".
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
Secure Equipment Repair Policy and Confidentiality Agreement
via "Tech Republic".
Organizations must frequently work with third parties to repair laptops, desktops, tablets, smartphones, servers and other IT equipment. This policy from TechRepublic Premium ensures that the organization maintains regulatory and best business practice security compliance while tracking systems when they are being repaired. From the policy: If IT equipment must be returned to the manufacturer ...
Companies Rely on Multiple Methods to Secure Generative AI Tools
via "Dark Reading".
To protect their own and their customers' data, organizations are exploring different approaches to guard against the unwanted effects of using AI.
CVE-2023-43620
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.
CVE-2023-43618
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message.
CVE-2023-41374
via "National Vulnerability Database".
A double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier, because the issue exists in the parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements a function which prevents project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
CVE-2023-2163
via "National Vulnerability Database".
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
CVE-2022-47562
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in the RPCbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition.
CVE-2023-43619
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.
CVE-2023-43616
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.
CVE-2023-43621
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.
CVE-2022-47561
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website. This could allow an attacker to obtain credentials for all users, including admin users, in clear text, and use them to subsequently execute malicious actions.
CVE-2023-26144
via "National Vulnerability Database".
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process.
CVE-2022-47560
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in.
CVE-2023-41375
via "National Vulnerability Database".
A use-after-free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier, because the issue exists in the parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements a function which prevents project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later.
CVE-2023-43617
via "National Vulnerability Database".
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.
CVE-2023-22644
via "National Vulnerability Database".
An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java and SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.
'Haywire' Australian IT Skills Market Prompts Logicalis to Add Talent as a Service
via "Tech Republic".
IT solutions and managed services provider Logicalis is planning to help skills-deprived Australian CIOs and IT managers get projects done with a new plug-and-play Talent Services offering.
CVE-2023-5084
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.