‼ CVE-2023-45129 ‼
via "National Vulnerability Database".
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.
‼ CVE-2023-36776 ‼
via "National Vulnerability Database".
Win32k Elevation of Privilege Vulnerability
‼ CVE-2023-36722 ‼
via "National Vulnerability Database".
Active Directory Domain Services Information Disclosure Vulnerability
‼ CVE-2023-36568 ‼
via "National Vulnerability Database".
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
‼ CVE-2023-38171 ‼
via "National Vulnerability Database".
Microsoft QUIC Denial of Service Vulnerability
‼ CVE-2023-36569 ‼
via "National Vulnerability Database".
Microsoft Office Elevation of Privilege Vulnerability
‼ CVE-2023-36718 ‼
via "National Vulnerability Database".
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
‼ CVE-2023-36790 ‼
via "National Vulnerability Database".
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
‼ CVE-2023-36721 ‼
via "National Vulnerability Database".
Windows Error Reporting Service Elevation of Privilege Vulnerability
‼ CVE-2023-36780 ‼
via "National Vulnerability Database".
Skype for Business Remote Code Execution Vulnerability
‼ CVE-2023-42795 ‼
via "National Vulnerability Database".
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
‼ CVE-2023-41771 ‼
via "National Vulnerability Database".
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
‼ CVE-2023-41765 ‼
via "National Vulnerability Database".
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
‼ CVE-2023-36713 ‼
via "National Vulnerability Database".
Windows Common Log File System Driver Information Disclosure Vulnerability
‼ CVE-2023-36579 ‼
via "National Vulnerability Database".
Microsoft Message Queuing Denial of Service Vulnerability
‼ CVE-2023-36567 ‼
via "National Vulnerability Database".
Windows Deployment Services Information Disclosure Vulnerability
‼ CVE-2023-41763 ‼
via "National Vulnerability Database".
Skype for Business Elevation of Privilege Vulnerability
‼ CVE-2023-5497 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability.
‼ CVE-2023-36703 ‼
via "National Vulnerability Database".
DHCP Server Service Denial of Service Vulnerability
‼ CVE-2023-45648 ‼
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
🔴 Badbox Operation Targets Android Devices in Fraud Schemes 🔴
via "Dark Reading".
Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on the electronics before being sold at market.