🛡 Cybersecurity & Privacy 🛡 - News
25K subscribers
88.4K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-38221 ‼

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction, and attack complexity is high as it requires knowledge of tooling beyond just using the UI.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-38220 ‼

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-38251 ‼

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead to minor application denial-of-service. Exploitation of this issue does not require user interaction.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-5571 ‼

Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-38000 ‼

Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-5572 ‼

Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-5573 ‼

Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.

📖 Read

via "National Vulnerability Database".
🦿 How to Use the Scp Command to Securely Send a File from Your Desktop to a Server 🦿

Learn how to use the scp command to transfer files securely with this step-by-step tutorial by expert Jack Wallen.

📖 Read

via "Tech Republic".
‼ CVE-2023-5240 ‼

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45464 ‼

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45162 ‼

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23173. SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently; please contact 1E to arrange this.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45468 ‼

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-29464 ‼

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-39960 ‼

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45130 ‼

Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which can easily exceed the relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes it into a parachain block, the parachain will then stall because the PoV size will exceed the relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-4829 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45108 ‼

Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-4517 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45467 ‼

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45466 ‼

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-45465 ‼

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

📖 Read

via "National Vulnerability Database".