βΌ CVE-2023-43890 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43268 βΌ
π Read
via "National Vulnerability Database".
Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44008 βΌ
π Read
via "National Vulnerability Database".
File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3592 βΌ
π Read
via "National Vulnerability Database".
In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43297 βΌ
π Read
via "National Vulnerability Database".
An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5344 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.π Read
via "National Vulnerability Database".
π΄ Secure Yeti Appoints Jayson E. Street as Chief Adversarial Officer to Spearhead Cybersecurity Empowerment π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
Secure Yeti Appoints Jayson E. Street as Chief Adversarial Officer to Spearhead Cybersecurity Empowerment
TULSA, Okla., Sept. 28, 2023 /PRNewswire/ -- Secure Yeti, a leading global cybersecurity firm, proudly announces the appointment of renowned hacker Jayson E. Street as its first Chief Adversarial Officer. In this pivotal role, Street will bring his unparalleledβ¦
βΌ CVE-2023-44011 βΌ
π Read
via "National Vulnerability Database".
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31042 βΌ
π Read
via "National Vulnerability Database".
A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBladeΓ’β¬β’s object store protocol can impact the availability of the systemΓ’β¬β’s data access and replication protocols.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43980 βΌ
π Read
via "National Vulnerability Database".
Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43891 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36627 βΌ
π Read
via "National Vulnerability Database".
A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43893 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28372 βΌ
π Read
via "National Vulnerability Database".
A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an objectΓ’β¬β’s retention period can affect the availability of the object lock.π Read
via "National Vulnerability Database".
βΌ CVE-2023-44012 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43892 βΌ
π Read
via "National Vulnerability Database".
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2023-43627 βΌ
π Read
via "National Vulnerability Database".
Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5334 βΌ
π Read
via "National Vulnerability Database".
The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5345 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free.We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32572 βΌ
π Read
via "National Vulnerability Database".
A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.π Read
via "National Vulnerability Database".
βΌ CVE-2023-41086 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.π Read
via "National Vulnerability Database".