🚨 CVE-2023-35857
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
🎖@cveNotify
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
🎖@cveNotify
🚨 CVE-2023-35856
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
🎖@cveNotify
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
🎖@cveNotify
GitHub
GitHub - MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution: Injects arbitrary code into a client's game.
Injects arbitrary code into a client's game. Contribute to MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution development by creating an account on GitHub.
🚨 CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
🎖@cveNotify
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
🎖@cveNotify
GitHub
GitHub - MikeIsAStar/Counter-Strike-Remote-Code-Execution: Injects arbitrary code into a client's game.
Injects arbitrary code into a client's game. Contribute to MikeIsAStar/Counter-Strike-Remote-Code-Execution development by creating an account on GitHub.
🚨 CVE-2023-35853
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
🎖@cveNotify
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
🎖@cveNotify
Stamus-Networks
Stamus Labs | Stamus Networks
Stamus Networks has a long history of developing and supporting open source technologies. Our founders are both members of the Open Information Security Foundation executive team and developers on the Suricata project. Stamus Labs currently manages four active…
🚨 CVE-2023-35852
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
🎖@cveNotify
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
🎖@cveNotify
Stamus-Networks
Stamus Labs | Stamus Networks
Stamus Networks has a long history of developing and supporting open source technologies. Our founders are both members of the Open Information Security Foundation executive team and developers on the Suricata project. Stamus Labs currently manages four active…
🚨 CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
🎖@cveNotify
GitHub
EyouCMS v1.6.2 has stored xss · Issue #43 · weng-xianhu/eyoucms
There is a storage type cross site scripting vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.2
🚨 CVE-2023-35862
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
🎖@cveNotify
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
🎖@cveNotify
GitHub
Tags · obgm/libcoap
A CoAP (RFC 7252) implementation in C. Contribute to obgm/libcoap development by creating an account on GitHub.
🚨 CVE-2023-34642
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
🎖@cveNotify
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
🎖@cveNotify
Kioware
KioWare | Kiosk System Software
KioWare kiosk system software - kiosk browser software to secure the OS in lockdown kiosk mode. Free trial available.
🚨 CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
🎖@cveNotify
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
🎖@cveNotify
Kioware
KioWare | Kiosk System Software
KioWare kiosk system software - kiosk browser software to secure the OS in lockdown kiosk mode. Free trial available.
🚨 CVE-2023-32538
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32273
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32270
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32201
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-30759
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
🎖@cveNotify
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
🎖@cveNotify
Ricoh
Vulnerability Information | Global | Ricoh
[Ricoh Global Official Website]
🚨 CVE-2023-32542
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-32288
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-31239
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
🎖@cveNotify
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-27396
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
🎖@cveNotify
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
🎖@cveNotify
🚨 CVE-2023-32276
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
🎖@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
🚨 CVE-2023-35866
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes.
🎖@cveNotify
In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes.
🎖@cveNotify
GitHub
Insecure Two-Factor-Authentication settings modification · Issue #9391 · keepassxreboot/keepassxc
Overview Having set up a YubiKey for my Two-Factor-Authentication i noticed that a confirmation through the set up second-factor is not required when making changes to security-settings within that...
🚨 CVE-2023-34603
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
🎖@cveNotify
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
🎖@cveNotify
GitHub
org.jeecg.modules.api.controller.SystemApiController.queryFilterTableDictInfo方法导致SQL注入 · Issue #4984 · jeecgboot/JeecgBoot
版本号: 3.5.1以及之前的所有版本 前端版本:vue3版?还是 vue2版? vue3版 问题描述: 与问题#4983 类似,访问org.jeecg.modules.api.controller.SystemApiController类中的queryFilterTableDictInfo方法会触发SQL注入,根据需求获取数据库中的关键信息。主要原因还是绕过SQL注入检测方法后,Mybat...