π¨ CVE-2023-33933
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.1.7 or later versions
9.x users should upgrade to 9.2.1 or later versions
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.1.7 or later versions
9.x users should upgrade to 9.2.1 or later versions
π@cveNotify
π¨ CVE-2023-30631
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.1.7 or later versions
9.x users should upgrade to 9.2.1 or later versions
π@cveNotify
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.1.7 or later versions
9.x users should upgrade to 9.2.1 or later versions
π@cveNotify
π¨ CVE-2022-47184
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
π@cveNotify
π¨ CVE-2023-35042
** DISPUTED ** GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
π@cveNotify
** DISPUTED ** GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023. NOTE: the vendor states that they are unable to reproduce this in any version.
π@cveNotify
π¨ CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.
π@cveNotify
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.
π@cveNotify
Safe
FME Community | Safe Software
Connect with FME users and Safers in the official FME Community. Find thousands of articles, ask questions, help others, or suggest new FME ideas.
π¨ CVE-2023-23344
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
π@cveNotify
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
π@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix WebUI Insights is susceptible to a lack of sufficient authorization (CVE-2023-23344) - Customer Support
An authenticated, unprivileged operator can access the HCL BigFix WebUI Insights administrator page through
π¨ CVE-2023-28043
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
π@cveNotify
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
π@cveNotify
Dell
DSA-2023-164: Dell Secure Connect Gateway Security Update for Multiple Vulnerabilities | Dell US
Dell Secure Connect Gateway contains remediation for multiple vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-33299
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
π@cveNotify
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
π@cveNotify
FortiGuard Labs
PSIRT | FortiGuard Labs
None
π¨ CVE-2023-32464
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victimβs data in transit.
π@cveNotify
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victimβs data in transit.
π@cveNotify
π¨ CVE-2023-32463
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
π@cveNotify
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
π@cveNotify
Dell
DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities | Dell US
Dell VxRail remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-31469
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
π@cveNotify
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles.
The issue is resolved by upgrading to StreamPipes 0.92.0.
π@cveNotify
π¨ CVE-2023-31975
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.
π@cveNotify
yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c.
π@cveNotify
GitHub
yasm memory leak Β· Issue #210 Β· yasm/yasm
I found a memory leak bug in yasm. Please confirm. Thanks! Test Environment Ubuntu 20.04, 64 bit yasm (version: v1.3.0 ;master) How to trigger Compile the program with AddressSanitizer Run command ...
π¨ CVE-2023-25936
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28056
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28052
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28041
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28035
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28028
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-25937
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28054
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28042
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.