🚨 CVE-2022-22272
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
@cveNotify
🚨 CVE-2020-18418
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
GitHub
Vulnerability-detection/feifeicms/FeiFeiCMS_4.1_csrf.doc at master · GodEpic/Vulnerability-detection
🚨 CVE-2023-29068
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
🚨 CVE-2023-25004
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
🚨 CVE-2023-23468
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.
Ibmcloud
IBM Robotic Process Automation access control CVE-2023-23468 Vulnerability Report
🚨 CVE-2023-22593
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
Ibm
Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration which may result in…
IBM Robotic Process Automation for Cloud Pak is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges (CVE-2023-22593). This bulletin identifies the security fixes to apply to address this vulnerability.
🚨 CVE-2022-3993
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
huntr.dev
Authentication Bypass by Primary Weakness in kavita
🚨 CVE-2023-3331
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows an attacker to delete specific files in the product.
🚨 CVE-2023-3330
Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows an attacker to obtain specific files in the product.
🚨 CVE-2022-48505
This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
Apple Support
About the security content of macOS Ventura 13
This document describes the security content of macOS Ventura 13.
🚨 CVE-2023-3407
The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
🚨 CVE-2023-1844
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.
🚨 CVE-2023-28059
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28056
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28052
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28054
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28041
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28035
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28042
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28040
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.
🚨 CVE-2023-28039
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
Dell
DSA-2023-099: Dell Client BIOS Security Update for Multiple Improper Input Validation Vulnerabilities | Dell US
Dell Client BIOS remediations are available for multiple improper input validation vulnerabilities that could be exploited by malicious users to compromise the affected system.