CVE-2023-44993
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.
via "National Vulnerability Database".
CVE-2023-45612
In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with XML format was vulnerable to XXE.
via "National Vulnerability Database".
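The Ktor entry above is about a parser whose default XML configuration honours external entity declarations. The following script is an added example, not Ktor's or JetBrains' code and not Kotlin: it uses the Python standard library's SAX parser to show the generic mechanism. The same request body is parsed once with external general entities enabled (the XXE-prone setting) and once with them disabled (the hardened setting). The secret file, its contents, the `order`/`note` element names and the entity name `xxe` are all constructed for the demo.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class _TextCollector(ContentHandler):
    """Collects character data so we can see what the parser actually expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse an XML document and return its text content.

    resolve_external_entities=True mirrors a parser whose defaults follow
    <!ENTITY name SYSTEM "..."> declarations (the XXE-prone configuration);
    False is the hardened configuration: the reference is skipped instead of fetched.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    collector = _TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.parts)


def xxe_payload(path: str) -> bytes:
    """Constructed request body: a DOCTYPE declaring an external entity that points at a local file."""
    return (
        '<?xml version="1.0"?>'
        f'<!DOCTYPE order [<!ENTITY xxe SYSTEM "{path}">]>'
        "<order><note>&xxe;</note></order>"
    ).encode()


def run_demo() -> dict:
    """Write a constructed secret to a temp file, then parse the same payload both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")   # stand-in for /etc/passwd or a config file
        with open(secret_path, "w") as f:
            f.write("db_password=hunter2")
        body = xxe_payload(secret_path)
        return {
            "vulnerable": parse_text(body, resolve_external_entities=True),
            "hardened": parse_text(body, resolve_external_entities=False),
        }


if __name__ == "__main__":
    for mode, text in run_demo().items():
        print(f"{mode:10s} -> {text!r}")
```

With external entities enabled the `<note>` element's text becomes the file contents; with them disabled the entity reference expands to nothing. Whatever XML library a service uses, the check is the same: confirm that DOCTYPE processing or external entity resolution is off for untrusted input rather than relying on the library's default.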
CVE-2023-44246
Cross-Site Request Forgery (CSRF) vulnerability in Matias's Shockingly Simple Favicon plugin <= 1.8.2 versions.
via "National Vulnerability Database".
CVE-2023-43700
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication.
via "National Vulnerability Database".
CVE-2023-43697
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.
via "National Vulnerability Database".
CVE-2023-43698
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website.
via "National Vulnerability Database".
CVE-2023-43696
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.
via "National Vulnerability Database".
CVE-2023-5100
Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted.
via "National Vulnerability Database".
CVE-2023-43699
Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.
via "National Vulnerability Database".
CVE-2023-5101
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests.
via "National Vulnerability Database".
CVE-2023-5103
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe.
via "National Vulnerability Database".
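The check a tester runs to confirm a clickjacking finding like the one above is whether the response carries an effective anti-framing header. The following Python function is an added example, not SICK's or NVD's material: it classifies a response from its `X-Frame-Options` and `Content-Security-Policy` `frame-ancestors` values, giving CSP precedence over `X-Frame-Options` as browsers do, and treating the obsolete `ALLOW-FROM` form as no protection. The sample header sets in `demo()` are constructed.

```python
# Sources that let any origin embed the page, so they give no protection.
UNSAFE_ANCESTOR_SOURCES = {"*", "http:", "https:"}


def frame_ancestors_directive(csp: str):
    """Return the source list of the frame-ancestors directive, or None if the CSP has none."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def frame_protection(headers: dict) -> dict:
    """Decide whether a response can be framed by an attacker-controlled origin.

    A CSP frame-ancestors directive wins over X-Frame-Options when both are present.
    An empty frame-ancestors source list matches nothing, i.e. behaves like 'none'.
    ALLOW-FROM is reported as unprotected because current browsers ignore it.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = frame_ancestors_directive(lower.get("content-security-policy", ""))
    xfo = lower.get("x-frame-options", "").strip().upper()

    if ancestors is not None:
        if any(src in UNSAFE_ANCESTOR_SOURCES for src in ancestors):
            return {"protected": False, "reason": "frame-ancestors allows any origin"}
        return {"protected": True, "reason": "frame-ancestors " + (" ".join(ancestors) or "(empty)")}
    if xfo in ("DENY", "SAMEORIGIN"):
        return {"protected": True, "reason": f"X-Frame-Options {xfo}"}
    if xfo.startswith("ALLOW-FROM"):
        return {"protected": False, "reason": "X-Frame-Options ALLOW-FROM is ignored by modern browsers"}
    return {"protected": False, "reason": "no anti-framing header"}


def demo() -> list:
    """Constructed responses covering the cases a tester usually meets."""
    samples = [
        ("no headers", {"Content-Type": "text/html"}),
        ("xfo deny", {"X-Frame-Options": "DENY"}),
        ("csp none", {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}),
        ("csp wildcard overrides xfo",
         {"X-Frame-Options": "SAMEORIGIN", "Content-Security-Policy": "frame-ancestors *"}),
        ("allow-from", {"X-Frame-Options": "ALLOW-FROM https://partner.example"}),
    ]
    return [(name, frame_protection(h)["protected"]) for name, h in samples]


if __name__ == "__main__":
    for name, ok in demo():
        print(f"{name:28s} protected={ok}")
```

Run it against captured responses from the device's login and settings pages; an unprotected verdict on any page with actionable controls reproduces the finding.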
CVE-2023-45248
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497.
via "National Vulnerability Database".
CVE-2023-5102
Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
via "National Vulnerability Database".
CVE-2023-45247
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497.
via "National Vulnerability Database".
Cybersecurity Talent in America: Bridging the Gap
It's past time to reimagine how to best nurture talent and expand recruiting and training to alleviate the shortage of trained cybersecurity staff. We need a diverse talent pool trained for tomorrow's challenges.
via "Dark Reading".
Simple Packet Sender 5.0
Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with a GUI built using GTK+. Both source and binaries are included. Features include crafting and sending one packet, multiple packets, or a flood of TCP, ICMP, or UDP packets. All values within the Ethernet frame can be modified arbitrarily. TCP, ICMP and UDP payload data is supported as well, with input from the keyboard as UTF-8/ASCII, from the keyboard as hexadecimal, or from a file. Various other features exist as well.
via "Packet Storm Security".
CVE-2023-36820
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but their tokens are not meant to be shared between applications. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.
via "National Vulnerability Database".
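The Micronaut issue is a check that is skipped rather than a parsing bug, so the following added Python example reproduces it at the claim level. It is not Micronaut's code: it builds unsigned, constructed ID tokens (signature verification is assumed to have happened already), uses an assumed shared issuer URL and two assumed client IDs, and runs the validator with and without the same-issuer shortcut. The interesting case is a token minted for `app-b` presented to `app-a`.

```python
import base64
import json

ISSUER = "https://idp.example.com/"   # assumed OIDC issuer shared by several applications
NOW = 1_700_000_000                    # fixed clock so the example is deterministic


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_id_token(claims: dict) -> str:
    """Constructed ID token with an empty signature: only the claim set matters here."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def id_token_claims(token: str) -> dict:
    return json.loads(_b64url_decode(token.split(".")[1]))


def validate_id_token(token: str, client_id: str, skip_aud_for_own_issuer: bool, now: int = NOW) -> bool:
    """Accept or reject an ID token on behalf of the application identified by client_id.

    skip_aud_for_own_issuer=True reproduces the flawed behaviour: once the token is
    known to come from the configured issuer, `aud` is never compared with the client ID.
    False is the corrected behaviour. Signature checking is outside this example.
    """
    claims = id_token_claims(token)
    if claims.get("iss") != ISSUER:
        return False
    if claims.get("exp", 0) <= now:
        return False
    if skip_aud_for_own_issuer:
        return True                      # the bug: every app of this issuer is trusted
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return client_id in audiences


def demo() -> dict:
    token_for_app_b = make_unsigned_id_token(
        {"iss": ISSUER, "aud": "app-b", "sub": "alice", "iat": NOW, "exp": NOW + 3600})
    token_for_app_a = make_unsigned_id_token(
        {"iss": ISSUER, "aud": "app-a", "sub": "alice", "iat": NOW, "exp": NOW + 3600})
    return {
        "flawed_accepts_other_apps_token": validate_id_token(token_for_app_b, "app-a", True),
        "fixed_accepts_other_apps_token": validate_id_token(token_for_app_b, "app-a", False),
        "fixed_accepts_own_token": validate_id_token(token_for_app_a, "app-a", False),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:34s} {accepted}")
```

Anyone holding a valid ID token for one application at the shared issuer can therefore log in to every other application that runs the flawed check. When `aud` legitimately carries several values, OIDC Core additionally requires the `azp` claim to match the client; that extra rule is left out of the example.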
CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods.
via "National Vulnerability Database".
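The gnark entry describes a second valid bit decomposition for small values. The following is an added example in plain Python, not gnark's Go code: it models the arithmetic with a toy modulus r = 13 and 4-bit decompositions (both assumptions; gnark's real field and circuit code are not on the page), lists every bit string that recomposes to a given value modulo r, shows how a comparator that trusts the supplied bits is fooled, and applies the extra range constraint (recomposed value strictly below r) that rules the second decomposition out.

```python
R = 13       # toy modulus standing in for the field order (assumption)
NBITS = 4    # 2**NBITS > R, so for small a the value a + R still fits in NBITS bits


def to_bits(value: int, nbits: int = NBITS) -> list:
    """Little-endian bit decomposition (least significant bit first), computed over the integers."""
    return [(value >> i) & 1 for i in range(nbits)]


def from_bits(bits: list) -> int:
    """Integer value of a little-endian bit list, computed over the integers."""
    return sum(b << i for i, b in enumerate(bits))


def satisfies_circuit(bits: list, a: int, r: int = R) -> bool:
    """The only constraint a naive to-binary gadget enforces: every bit is 0/1 and
    sum(bits[i] * 2^i) == a, with the equality evaluated in F_r, i.e. modulo r."""
    return all(b in (0, 1) for b in bits) and from_bits(bits) % r == a % r


def valid_decompositions(a: int, r: int = R, nbits: int = NBITS) -> list:
    """All nbits-long bit strings a dishonest prover could supply as 'the bits of a'."""
    return [to_bits(v, nbits) for v in range(1 << nbits)
            if satisfies_circuit(to_bits(v, nbits), a, r)]


def is_less_trusting_bits(x_bits: list, y_bits: list) -> bool:
    """A comparator that believes the decompositions it is handed, as the pre-fix circuit did."""
    return from_bits(x_bits) < from_bits(y_bits)


def assert_canonical(bits: list, r: int = R) -> list:
    """The added range check: reject any decomposition whose integer value is not below r."""
    if from_bits(bits) >= r:
        raise ValueError(f"non-canonical decomposition: {from_bits(bits)} >= {r}")
    return bits


def demo() -> dict:
    a, b = 2, 5                               # honest statement: a < b
    honest = to_bits(a)
    forged = valid_decompositions(a)[-1]      # the a + r decomposition (bits of 15)
    return {
        "decompositions_of_a": valid_decompositions(a),
        "honest_compare": is_less_trusting_bits(honest, to_bits(b)),
        "forged_compare": is_less_trusting_bits(forged, to_bits(b)),
        "forged_passes_circuit": satisfies_circuit(forged, a),
    }


if __name__ == "__main__":
    print(demo())
    try:
        assert_canonical(to_bits(2 + R))
    except ValueError as e:
        print("range check rejects forged bits:", e)
```

Both bit strings satisfy the recomposition constraint in F_r, so a prover who chooses the second one proves `a >= b` for an `a` that is actually smaller. Requiring the recomposed integer to be below r removes the second witness while leaving honest callers of the comparison methods unchanged.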
CVE-2023-25822
ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops (except for small launches with approximately one test inside) when the test_item.path field exceeds the allowable `ltree` field type indexing limit (path length >= 120, i.e. roughly that depth of recursive nesting of nested steps). Running REINDEX INDEX on path_gist_idx and path_idx does not help. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements was programmatically limited. A workaround is available: after deletion of the data with long paths and reindexing of both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly.
via "National Vulnerability Database".
CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.
via "National Vulnerability Database".
CVE-2022-35950
OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, a JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing the vulnerable product. An attacker needs to be able to edit a product in the admin area and to get a user to add this product to a shopping list and add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue.
via "National Vulnerability Database".