‼ CVE-2023-21253 ‼
In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
via "National Vulnerability Database".
‼ CVE-2023-45303 ‼
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).
via "National Vulnerability Database".
‼ CVE-2023-44384 ‼
Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials used by the application, potentially with elevated permissions.
via "National Vulnerability Database".
‼ CVE-2023-21252 ‼
In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
via "National Vulnerability Database".
‼ CVE-2023-45239 ‼
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
via "National Vulnerability Database".
🕴 WatchGuard Threat Lab Report Finds Endpoint Malware Volumes Decreasing Despite Campaigns Growing More Expansive 🕴
PRESS RELEASE
via "Dark Reading".
🕴 Too Rich To Ransomware? MGM Brushes Off $100M in Losses 🕴
MGM wins big bet that choosing days of operations outages is a better business decision than paying a ransom, following last month's data breach.
via "Dark Reading".
‼ CVE-2023-5452 ‼
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
via "National Vulnerability Database".
‼ CVE-2023-45311 ‼
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.
via "National Vulnerability Database".
‼ CVE-2023-3725 ‼
Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem.
via "National Vulnerability Database".
‼ CVE-2022-34355 ‼
IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498.
via "National Vulnerability Database".
‼ CVE-2023-45199 ‼
Mbed TLS 3.2.x through 3.4.x before 3.5 has a buffer overflow that can lead to remote code execution.
via "National Vulnerability Database".
‼ CVE-2023-5182 ‼
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.
via "National Vulnerability Database".
‼ CVE-2023-36123 ‼
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.
via "National Vulnerability Database".
‼ CVE-2023-43615 ‼
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
via "National Vulnerability Database".
‼ CVE-2023-40639 ‼
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
via "National Vulnerability Database".
‼ CVE-2023-40652 ‼
In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed
via "National Vulnerability Database".
‼ CVE-2023-40647 ‼
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
via "National Vulnerability Database".
‼ CVE-2023-40633 ‼
In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
via "National Vulnerability Database".
‼ CVE-2023-40641 ‼
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
via "National Vulnerability Database".
‼ CVE-2023-40638 ‼
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
via "National Vulnerability Database".