βΌ CVE-2023-40413 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26583 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40444 βΌ
π Read
via "National Vulnerability Database".
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26580 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated arbitrary file read in the IDAttendΓ’β¬β’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26568 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34048 βΌ
π Read
via "National Vulnerability Database".
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.Γ A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31581 βΌ
π Read
via "National Vulnerability Database".
Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38485 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26574 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the SearchStudents method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3112 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26569 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26575 βΌ
π Read
via "National Vulnerability Database".
Missing authentication in the SearchStudentsStaff method in IDAttendΓ’β¬β’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26219 βΌ
π Read
via "National Vulnerability Database".
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk ConsoleΓ’β¬β’s and AgentΓ’β¬β’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46191 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <=Γ 1.4.4 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-42842 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46120 βΌ
π Read
via "National Vulnerability Database".
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-5732 βΌ
π Read
via "National Vulnerability Database".
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36085 βΌ
π Read
via "National Vulnerability Database".
The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.π Read
via "National Vulnerability Database".
βΌ CVE-2023-46189 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar Γ’β¬β Google Calendar Plugin <=Γ 3.2.5 versions.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37908 βΌ
π Read
via "National Vulnerability Database".
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40405 βΌ
π Read
via "National Vulnerability Database".
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.π Read
via "National Vulnerability Database".