๐ด Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed ๐ด
๐ Read
via "Dark Reading".
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.๐ Read
via "Dark Reading".
Dark Reading
Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed
In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.
โผ CVE-2022-43555 โผ
๐ Read
via "National Vulnerability Database".
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability๐ Read
via "National Vulnerability Database".
โผ CVE-2022-43554 โผ
๐ Read
via "National Vulnerability Database".
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability๐ Read
via "National Vulnerability Database".
โผ CVE-2023-47235 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-44569 โผ
๐ Read
via "National Vulnerability Database".
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-47233 โผ
๐ Read
via "National Vulnerability Database".
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-47234 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41725 โผ
๐ Read
via "National Vulnerability Database".
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability๐ Read
via "National Vulnerability Database".
โผ CVE-2023-41726 โผ
๐ Read
via "National Vulnerability Database".
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability๐ Read
via "National Vulnerability Database".
โผ CVE-2022-3172 โผ
๐ Read
via "National Vulnerability Database".
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-36677 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-45189 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-35910 โผ
๐ Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free รขโฌโ Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free รขโฌโ Contact Form Builder for WordPress: from n/a through 6.0.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46381 โผ
๐ Read
via "National Vulnerability Database".
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46380 โผ
๐ Read
via "National Vulnerability Database".
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-40922 โผ
๐ Read
via "National Vulnerability Database".
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46382 โผ
๐ Read
via "National Vulnerability Database".
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-46963 โผ
๐ Read
via "National Vulnerability Database".
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.๐ Read
via "National Vulnerability Database".
โค1
โผ CVE-2018-25092 โผ
๐ Read
via "National Vulnerability Database".
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.๐ Read
via "National Vulnerability Database".
โผ CVE-2017-20187 โผ
๐ Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32840 โผ
๐ Read
via "National Vulnerability Database".
In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).๐ Read
via "National Vulnerability Database".