โผ CVE-2023-44233 โผ
๐ Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin รขโฌโ FooGallery plugin <=ร 2.2.44 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32971 โผ
๐ Read
via "National Vulnerability Database".
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and later๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32972 โผ
๐ Read
via "National Vulnerability Database".
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.We have already fixed the vulnerability in the following versions:QTS 5.0.1.2425 build 20230609 and laterQTS 5.1.0.2444 build 20230629 and laterQTS 4.5.4.2467 build 20230718 and laterQuTS hero h5.0.1.2515 build 20230907 and laterQuTS hero h5.1.0.2424 build 20230609 and laterQuTS hero h4.5.4.2476 build 20230728 and laterQuTScloud c5.1.0.2498 and later๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23366 โผ
๐ Read
via "National Vulnerability Database".
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.We have already fixed the vulnerability in the following version:Music Station 5.3.22 and later๐ Read
via "National Vulnerability Database".
โผ CVE-2023-39928 โผ
๐ Read
via "National Vulnerability Database".
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-23371 โผ
๐ Read
via "National Vulnerability Database".
A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.We have already fixed the vulnerability in the following version:QVPN Windows 2.2.0.0823 and later๐ Read
via "National Vulnerability Database".
๐ฆฟ IPVanish VPN Review (2023): Features, Pricing, and Security ๐ฆฟ
๐ Read
via "Tech Republic".
Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.๐ Read
via "Tech Republic".
TechRepublic
IPVanish VPN Review: Is it Really as Secure as Claimed?
Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it meets your online security and privacy needs.
๐ด Predictive Analysis Can Reduce Risks Associated With Data Breaches ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
Predictive Analysis Can Reduce Risks Associated With Data Breaches
PRESS RELEASE
๐ด Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
Cybersecurity Funding Rises by 21% in Q3 2023, Pinpoint Search Group's Report Indicates
PRESS RELEASE
๐ด RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
RIT Is the First University to Receive Support From the Google Cybersecurity Clinics Fund
PRESS RELEASE
โผ CVE-2023-21266 โผ
๐ Read
via "National Vulnerability Database".
In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5366 โผ
๐ Read
via "National Vulnerability Database".
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-21291 โผ
๐ Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5214 โผ
๐ Read
via "National Vulnerability Database".
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-21244 โผ
๐ Read
via "National Vulnerability Database".
In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45282 โผ
๐ Read
via "National Vulnerability Database".
In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-21253 โผ
๐ Read
via "National Vulnerability Database".
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45303 โผ
๐ Read
via "National Vulnerability Database".
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).๐ Read
via "National Vulnerability Database".
โผ CVE-2023-44384 โผ
๐ Read
via "National Vulnerability Database".
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-21252 โผ
๐ Read
via "National Vulnerability Database".
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".