🕴 As Citrix Urges Its Clients to Patch, Researchers Release an Exploit 🕴
📖 Read
via "Dark Reading".
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.📖 Read
via "Dark Reading".
Dark Reading
As Citrix Urges Its Clients to Patch, Researchers Release an Exploit
In the race over Citrix's latest vulnerability, the bad guys have a huge head start, with broad implications for businesses and critical infrastructure providers worldwide.
👍2
‼ CVE-2023-3010 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1356 ‼
📖 Read
via "National Vulnerability Database".
Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3699 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38484 ‼
📖 Read
via "National Vulnerability Database".
An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20273 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39734 ‼
📖 Read
via "National Vulnerability Database".
The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-39733 ‼
📖 Read
via "National Vulnerability Database".
The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40413 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26583 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40444 ‼
📖 Read
via "National Vulnerability Database".
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26580 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26568 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34048 ‼
📖 Read
via "National Vulnerability Database".
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31581 ‼
📖 Read
via "National Vulnerability Database".
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38485 ‼
📖 Read
via "National Vulnerability Database".
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26574 ‼
📖 Read
via "National Vulnerability Database".
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-3112 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26569 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26575 ‼
📖 Read
via "National Vulnerability Database".
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26219 ‼
📖 Read
via "National Vulnerability Database".
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.📖 Read
via "National Vulnerability Database".