CVE-2023-3159
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
@cveNotify
GitHub
firewire: fix potential uaf in outbound_phy_packet_callback() · torvalds/linux@b7c81f8
&e->event and e point to the same address, and &e->event could
be freed in queue_event. So there is a potential uaf issue if
we dereference e after calling queue_event...
CVE-2023-29372
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
@cveNotify
CVE-2023-3203
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
Wordfence
MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update - Wordfence Intelligence
CVE-2023-3201
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
CVE-2023-3200
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
CVE-2023-3198
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
@cveNotify
Wordfence
MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update - Wordfence Intelligence
CVE-2023-3047
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.
@cveNotify
CVE-2023-29353
Sysinternals Process Monitor for Windows Denial of Service Vulnerability
@cveNotify
CVE-2022-22307
IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.
@cveNotify
IBM
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
IBM Security Guardium has addressed these vulnerabilities
CVE-2020-12762
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
@cveNotify
GitHub
Prevent out of boundary write on malicious input by stoeckmann · Pull Request #592 · json-c/json-c
I have discovered a way to trigger an out of boundary write while parsing a huge json file through a malicious input source. It can be triggered if an attacker has control over the input stream or ...
CVE-2023-2745
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the 'wp_lang' parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
@cveNotify
CVE-2023-25683
IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC. IBM X-Force ID: 247592.
@cveNotify
IBM
Security Bulletin: This Power System update is being released to address CVE-2023-25683
The PowerVM Hypervisor could allow an attacker to obtain sensitive information if they gain service access to the HMC
CVE-2022-33168
IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 228588.
@cveNotify
Ibmcloud
IBM Security Directory Suite VA denial of service CVE-2022-33168 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
CVE-2022-33163
IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 228571.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite has multiple vulnerabilities [CVE-2022-33163 and CVE-2022-33168]
The following vulnerabilities in IBM Security Directory Suite have been addressed. Please apply the fixes shown below. [CVE-2022-33163 and CVE-2022-33168]
CVE-2022-33159
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
CVE-2022-33166
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 228586.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
CVE-2022-32757
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 228510.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.
CVE-2022-32752
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 228439.
@cveNotify
IBM
Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues
Multiple Security Vulnerabilities in the IBM Security Directory Suite have been addressed by code updates and updating the relevant components.