π¨ CVE-2022-22288
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
π@cveNotify
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
π@cveNotify
π¨ CVE-2022-23118
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
π@cveNotify
Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.
π@cveNotify
Jenkins Security Advisory 2022-01-12
Jenkins β an open source automation server which enables developers around the world to reliably build, test, and deploy their software
π¨ CVE-2022-21676
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.
π@cveNotify
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who uses depending packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version.
π@cveNotify
GitHub
Uncaught Exception in engine.io
### Impact
A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process.
> RangeError: Invalid WebSocket frame: RSV2 and RSV...
A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process.
> RangeError: Invalid WebSocket frame: RSV2 and RSV...
π¨ CVE-2017-12271
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.
π@cveNotify
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.
π@cveNotify
Cisco
Cisco Security Advisory: Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.
The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attackerβ¦
The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attackerβ¦
π¨ CVE-2016-1469
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
π@cveNotify
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
π@cveNotify
Cisco
Cisco Security Advisory: Cisco Small Business SPA3x/5x Series Denial of Service Vulnerability
A vulnerability in the HTTP framework of Cisco Small Business SPA300 Series IP Phones, Cisco Small Business SPA500 Series IP Phones, and Cisco SPA51x IP Phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition onβ¦
π¨ CVE-2022-22272
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
π@cveNotify
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
π@cveNotify
π¨ CVE-2020-18418
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
π@cveNotify
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
π@cveNotify
GitHub
Vulnerability-detection/feifeicms/FeiFeiCMS_4.1_csrf.doc at master Β· GodEpic/Vulnerability-detection
Contribute to GodEpic/Vulnerability-detection development by creating an account on GitHub.
π¨ CVE-2023-29068
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
π@cveNotify
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
π@cveNotify
π¨ CVE-2023-25004
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
π@cveNotify
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
π@cveNotify
π¨ CVE-2023-23468
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.
π@cveNotify
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.
π@cveNotify
Ibmcloud
IBM Robotic Process Automation access control CVE-2023-23468 Vulnerability Report
IBM X-Force Exchange is a threat intelligence sharing platform enabling research on security threats, aggregation of intelligence, and collaboration with peers
π¨ CVE-2023-22593
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
π@cveNotify
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
π@cveNotify
Ibm
Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration which may result inβ¦
IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges (CVE-2023-22593). This bulletin identifies the security fixes to apply to address this vulnerability.
π¨ CVE-2022-3993
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
π@cveNotify
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
π@cveNotify
huntr.dev
Authentication Bypass by Primary Weakness in kavita
1.4K developers have been protected by securing kavita. Read this report, and explore others to learn how you can also protect the world by earning cash and CVEs.
π¨ CVE-2023-3331
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to delete
specific files in the product.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to delete
specific files in the product.
π@cveNotify
π¨ CVE-2023-3330
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product
.
π@cveNotify
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product
.
π@cveNotify
π¨ CVE-2022-48505
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system
π@cveNotify
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system
π@cveNotify
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
π¨ CVE-2023-3407
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
π@cveNotify
π¨ CVE-2023-1844
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.
π@cveNotify
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.
π@cveNotify
π¨ CVE-2023-28059
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28056
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28052
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
π¨ CVE-2023-28054
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
π@cveNotify
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.