kernel: Intel firmware update for Incorrect default permissions in some memory controller configurations
A flaw was found in the Linux kernel. Some Intel® Xeon® processors with Intel® Software Guard Extensions (SGX) may allow privilege escalation. This issue may allow a privileged user to enable privilege escalation via local access...
CVE-2023-43139
An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components...
Design/Logic Flaw
An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components...
GHSA-W9VH-HV5G-7WMR SaToken authentication bypass vulnerability
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
SaToken authentication bypass vulnerability
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
CVE-2023-43961
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
Authentication flaw
An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass...
Vulnerability of microprogrammed programmable logic controllers MELSEC-F: related to authentication breaches, allowing attackers to circumvent existing security restrictions
The vulnerability of MELSEC-F programmable logic controllers’ microprogramming software is related to authentication breaches. Exploiting this vulnerability allows an attacker, operating remotely, to circumvent existing security restrictions...
Cisco IOS XE vulnerability widely exploited in the wild
An authentication bypass affecting Cisco IOS XE was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is widely being exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking...
CVE-2023-43777 Insecure storage of password in easySoft
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored...
PT-2023-29052 · Dromara · Dromara Satoken
Name of the Vulnerable Software and Affected Versions: Dromara SaToken versions 1.3.50RC and earlier Description: An issue in Dromara SaToken when using Spring dynamic controllers may cause an authentication bypass due to a specially crafted request. Recommendations: For Dromara SaToken versions...
Samba Security Vulnerabilities
Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba versions prior to 4.19.1, prior to 4.18.8, and prior to 4.17.12, which stems from the exposure of Samba AD DC passwords to privileged users and RODCs, with RODCs and users wit...
Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control DoS (cisco-sa-wlc-wncd-HFGMsfSD)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)...
SUSE CVE-2023-42670
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes for example,...
UBUNTU-CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...