KB5029186 - Description of the security update for SQL Server 2016 SP3 GDR: October 10, 2023
KB5029186 - Description of the security update for SQL Server 2016 SP3 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update...
5.5CVSS
5.9AI Score
0.001EPSS
KB5029185 - Description of the security update for SQL Server 2014 SP3 CU4: October 10, 2023
KB5029185 - Description of the security update for SQL Server 2014 SP3 CU4: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update...
5.5CVSS
5.9AI Score
0.001EPSS
KB5029184 - Description of the security update for SQL Server 2014 SP3 GDR: October 10, 2023
KB5029184 - Description of the security update for SQL Server 2014 SP3 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update...
5.5CVSS
5.9AI Score
0.001EPSS
KB5029187 - Description of the security update for SQL Server 2016 SP3 Azure Connect Feature Pack: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
5.5CVSS
5.9AI Score
0.001EPSS
8.8CVSS
7.1AI Score
0.002EPSS
Unbreakable Enterprise kernel security update
[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:.....
7.8CVSS
7.6AI Score
0.001EPSS
8.8CVSS
9AI Score
EPSS
8.8CVSS
8.8AI Score
0.002EPSS
k-online.com Cross Site Scripting vulnerability OBB-3731158
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
k-silikat.ru Cross Site Scripting vulnerability OBB-3722971
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before...
9.8CVSS
9.9AI Score
0.001EPSS
k-daidouyouchien.org Cross Site Scripting vulnerability OBB-3722805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Exploit for SQL Injection in Koha-Community Koha Library Software
CVE-2023-44961 PoC for CVE-2023-44961 Description This is...
7.5CVSS
8.6AI Score
0.001EPSS
Know your Malware – A Beginner’s Guide to Encoding Techniques Used to Obfuscate Malware
With the launch of Wordfence CLI, our high performance security scanner that can detect the vast majority of PHP malware targeting WordPress, Wordfence continues to emphasize the importance of malware detection and remediation. Malware targeting WordPress uses a variety of obfuscation techniques...
7.4AI Score
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service Vulnerability
Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi...
7AI Score
7.1AI Score
Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...
9.8CVSS
9.2AI Score
0.976EPSS
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS
Title: Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS Advisory ID: ZSL-2023-5795 Type: Local/Remote Impact: DoS Risk: (4/5) Release Date: 30.09.2023 Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television...
5.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to....
8.8CVSS
8.8AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The...
5.4CVSS
5.3AI Score
0.001EPSS
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to...
8.8CVSS
8.8AI Score
0.001EPSS
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the...
8.8CVSS
8.7AI Score
0.001EPSS
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
9.1CVSS
9.2AI Score
0.001EPSS
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or...
6.6CVSS
7.1AI Score
0.008EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.This issue affects AYBS: before...
8.8CVSS
8.8AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.This issue affects AYBS: before...
8.8CVSS
8.6AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.This issue affects Admin Panel: before...
9.8CVSS
9.9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.This issue affects Admin Panel: before...
9.8CVSS
9.7AI Score
0.001EPSS
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to...
7.5CVSS
7.2AI Score
0.021EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915...
9.8CVSS
9.9AI Score
0.001EPSS
Getting RCE in Chrome with incorrect side effect in the JIT compiler
In this post, I'll explain how to exploit CVE-2023-3420, a type confusion vulnerability in v8 (the Javascript engine of Chrome), that I reported in June 2023 as bug 1452137. The bug was fixed in version 114.0.5735.198/199. It allows remote code execution (RCE) in the renderer sandbox of Chrome by.....
9.6CVSS
8.3AI Score
0.971EPSS
Signal Will Leave the UK Rather Than Add a Backdoor
Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country's recently passed Online Safety Bill forced...
7AI Score
k.4shared.com Open Redirect vulnerability OBB-3711191
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.6AI Score
About the security content of macOS Sonoma 14
About the security content of macOS Sonoma 14 This document describes the security content of macOS Sonoma 14. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
10CVSS
10AI Score
0.028EPSS
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML...
4.3CVSS
4.6AI Score
0.001EPSS
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be...
7.5CVSS
7.3AI Score
0.001EPSS
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined....
8.3CVSS
7.9AI Score
0.005EPSS
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Impact yt-dlp allows the user to provide shell commands to be executed at various stages in its download process through the --exec flag. This flag allows output template expansion in its argument, so that video metadata values may be used in the shell commands. The metadata fields can be combined....
8.3CVSS
7.9AI Score
0.005EPSS
RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC
Title: RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption PoC Advisory ID: ZSL-2023-5788 Type: Local/Remote Impact: System Access, DoS Risk: (3/5) Release Date: 22.09.2023 Summary Royal TS is an ideal tool for system engineers and other IT professionals who need remote access to systems...
7.8CVSS
7.7AI Score
0.001EPSS
(RHSA-2023:5337) Important: Red Hat Integration Camel K 1.10.2 release security update
A security update for Camel K 1.10.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): quarkus-vertx-http: quarkus: HTTP security policy bypass(CVE-2023-4853) See the Red Hat Security Bulletin in the References section for...
6.5AI Score
0.002EPSS
sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
8.1CVSS
7.2AI Score
0.001EPSS
sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...
8.1CVSS
7.2AI Score
0.001EPSS
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
8.1CVSS
8.2AI Score
0.001EPSS
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
8.1CVSS
8.1AI Score
0.001EPSS
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
8.1CVSS
6.2AI Score
0.001EPSS
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
8.1CVSS
7.4AI Score
0.001EPSS
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
8.1CVSS
8.2AI Score
0.001EPSS