‼️CVE-2023-4280‼️
📖 Read more
Via "National Vulnerability Database"
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0189‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teachermessage.php of the component Create Message Handler. The manipulation of the argument Content with the input alertx leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB249502 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0193‼️
📖 Read more
Via "National Vulnerability Database"
A useafterfree flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbagecollected when the pipapo set is removed, the element can be deactivated twice. This can cause a useafterfree issue on an NFTCHAIN object or NFTOBJECT object, allowing a local unprivileged user to escalate their privileges on the system.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2022-3010‼️
📖 Read more
Via "National Vulnerability Database"
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-48419‼️
📖 Read more
Via "National Vulnerability Database"
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-7192‼️
📖 Read more
Via "National Vulnerability Database"
A memory leak problem was found in ctnetlinkcreateconntrack in netnetfilternfconntracknetlink.c in the Linux Kernel. This issue may allow a local attacker with CAPNETADMIN privileges to cause a denial of service DoS attack due to a refcount overflow.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0190‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file addquiz.php of the component Quiz Handler. The manipulation of the argument Quiz TitleQuiz Description with the input alertx leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB249503.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-49794‼️
📖 Read more
Via "National Vulnerability Database"
KernelSU is a Kernelbased root solution for Android devices. In versions 0.7.1 and prior, the logic of get apk path in KernelSU kernel module can be bypassed, which causes any malicious apk named me.weishu.kernelsu get root permission. If a KernelSU module installed device try to install any not checked apk which package name equal to the official KernelSU Manager, it can take over root privileges on the device. As of time of publication, a patched version is not available.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-50711‼️
📖 Read more
Via "National Vulnerability Database"
vmmsysutil is a collection of modules that provides helpers and utilities used by multiple rustvmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapperdeserialize implementation provided by the crate for vmmsysutilfamFamStructWrapper can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rustsafe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rustunsafe code. This ensures that users cannot trigger outofbounds memory access from Rustsafe code.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-51652‼️
📖 Read more
Via "National Vulnerability Database"
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation crosssite scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file e.g., antisamy.xml by deleting the preserveComments directive or setting its value to false, if present. Also it would be useful to make AntiSamy remove the noscript tag by adding a line described in the GitHub Security Advisory to the tag definitions under the node, or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency HtmlAgilityPack. The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0191‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file adminuploads. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB249504.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0192‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB249505 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-45561‼️
📖 Read more
Via "National Vulnerability Database"
An issue in AWORLD OIRASE BEERwaiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-45892‼️
📖 Read more
Via "National Vulnerability Database"
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-45893‼️
📖 Read more
Via "National Vulnerability Database"
An indirect Object Reference IDOR in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2023-47458‼️
📖 Read more
Via "National Vulnerability Database"
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0194‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pagesaccount.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB249509 was assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-0195‼️
📖 Read more
Via "National Vulnerability Database"
A vulnerability, which was classified as critical, was found in spiderflow 0.4.3. Affected is the function FunctionService.saveFunction of the file srcmainjavaorgspiderflowcontrollerFunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB249510 is the identifier assigned to this vulnerability.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-21623‼️
📖 Read more
Via "National Vulnerability Database"
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the mehahotclient "Analysis SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2024-21627‼️
📖 Read more
Via "National Vulnerability Database"
PrestaShop is an opensource ecommerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to crosssite scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the HTMLPurifier library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of HTML type will call isCleanHTML.📖 Read more
Via "National Vulnerability Database"
‼️CVE-2020-26623‼️
📖 Read more
Via "National Vulnerability Database"
SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the AdministrationWidget tab after the login portal.📖 Read more
Via "National Vulnerability Database"