โผ CVE-2023-4967 โผ
๐ Read
via "National Vulnerability Database".
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server๐ Read
via "National Vulnerability Database".
โผ CVE-2023-27858 โผ
๐ Read
via "National Vulnerability Database".
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using anร uninitialized pointer in the application. ร The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. ร The user would need to open a malicious file provided to them by the attacker for the code to execute.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46290 โผ
๐ Read
via "National Vulnerability Database".
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalkรยฎ Services Platform web service and then use the token to log in into FactoryTalkรยฎ Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalkรยฎ Services Platform web service.๐ Read
via "National Vulnerability Database".
๐ด Safari Side-Channel Attack Enables Browser Theft ๐ด
๐ Read
via "Dark Reading".
The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.๐ Read
via "Dark Reading".
Dark Reading
Safari Side-Channel Attack Enables Browser Theft
The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.
๐1
โผ CVE-2023-40139 โผ
๐ Read
via "National Vulnerability Database".
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-40136 โผ
๐ Read
via "National Vulnerability Database".
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40121 โผ
๐ Read
via "National Vulnerability Database".
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40125 โผ
๐ Read
via "National Vulnerability Database".
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40123 โผ
๐ Read
via "National Vulnerability Database".
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40116 โผ
๐ Read
via "National Vulnerability Database".
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40128 โผ
๐ Read
via "National Vulnerability Database".
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46509 โผ
๐ Read
via "National Vulnerability Database".
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46208 โผ
๐ Read
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors รขโฌโ Car Dealer, Classifieds & Listing plugin <=ร 1.4.6 versions.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-5828 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-34834 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40127 โผ
๐ Read
via "National Vulnerability Database".
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40135 โผ
๐ Read
via "National Vulnerability Database".
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40140 โผ
๐ Read
via "National Vulnerability Database".
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40130 โผ
๐ Read
via "National Vulnerability Database".
In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46407 โผ
๐ Read
via "National Vulnerability Database".
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29009 โผ
๐ Read
via "National Vulnerability Database".
baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.๐ Read
via "National Vulnerability Database".