‼ CVE-2023-28055 ‼
via "National Vulnerability Database".
Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.
‼ CVE-2023-43222 ‼
via "National Vulnerability Database".
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
‼ CVE-2023-30959 ‼
via "National Vulnerability Database".
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that requires user interaction.
‼ CVE-2023-40541 ‼
via "National Vulnerability Database".
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.
‼ CVE-2023-39376 ‼
via "National Vulnerability Database".
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network
‼ CVE-2023-42460 ‼
via "National Vulnerability Database".
Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626.
‼ CVE-2023-40432 ‼
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.
‼ CVE-2023-40435 ‼
via "National Vulnerability Database".
This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials.
‼ CVE-2023-40412 ‼
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.
‼ CVE-2023-40605 ‼
via "National Vulnerability Database".
Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions.
‼ CVE-2023-5175 ‼
via "National Vulnerability Database".
During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.
‼ CVE-2023-41067 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.
‼ CVE-2023-43857 ‼
via "National Vulnerability Database".
Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.
‼ CVE-2023-41981 ‼
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.
‼ CVE-2023-44122 ‼
via "National Vulnerability Database".
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.
‼ CVE-2023-41335 ‼
via "National Vulnerability Database".
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.
‼ CVE-2023-41070 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.
‼ CVE-2023-43775 ‼
via "National Vulnerability Database".
Denial-of-service vulnerability in the web server of the Eaton SMP SG-4260 allows attacker to potentially force an unexpected restart of the SMP Gateway automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore.
‼ CVE-2023-44127 ‼
via "National Vulnerability Database".
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
‼ CVE-2023-5157 ‼
via "National Vulnerability Database".
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
‼ CVE-2023-44016 ‼
via "National Vulnerability Database".
Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.