
1613 matches found

Rapid7 Blog
added 2023/05/18 2:27 p.m. · 10 views

Rapid7 Recognized as a Strong Performer in The Forrester Wave™ for MDR, Q2 2023

Rapid7 recognized amongst the top MDR providers in the industry. As security teams try to do more with less, addressing the sprawling attack surface and monitoring the escalating threat and risk landscape, it inherently leaves them at a disadvantage. Rapid7 Managed Threat Complete empowers...

AI score: 6.9 · Exploits: 0

Tenable Nessus
added 2023/05/17 12:0 a.m. · 37 views

Oracle Linux 9 : mysql (ELSA-2023-2621)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2621 advisory. 8.0.32-1 - Update to MySQL 8.0.32 8.0.31-1 - Update to MySQL 8.0.31 Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS: 7.5 · AI score: 6.4 · EPSS: 0.43131 · Exploits: 0 · References: 38

NVD
added 2023/05/16 7:15 p.m. · 14 views

CVE-2023-30502

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...

CVSS: 8.8 · AI score: 8 · EPSS: 0.0108 · Exploits: 0 · References: 1

Prion
added 2023/05/16 7:15 p.m. · 21 views

Design/Logic Flaw

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...

CVSS: 6.5 · AI score: 8.9 · EPSS: 0.01037 · Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/16 6:51 p.m. · 17 views

CVE-2023-30506 Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...

CVSS: 7.2 · AI score: 9.2 · EPSS: 0.0108 · Exploits: 0 · References: 1

Cvelist
added 2023/05/16 6:49 p.m. · 17 views

CVE-2023-30501 Authenticated Remote Code Execution in Aruba EdgeConnect Enterprise Command Line Interface

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...

CVSS: 7.2 · AI score: 9.2 · EPSS: 0.01037 · Exploits: 0 · References: 1

Positive Technologies
added 2023/05/16 12:0 a.m. · 5 views

PT-2023-2910 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: Vulnerabilities exist in the command line interface of Aruba EdgeConnect Enterprise that allow remote authenticated users to run arbitrary commands on the underlying...

CVSS: 8.8 · AI score: 7.8 · EPSS: 0.0108 · Exploits: 0 · References: 10

OSV
added 2023/05/10 8:15 a.m. · 1 views

CVE-2023-23788

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Florin Arjocu Custom More Link Complete plugin = 1.4.1 versions...

CVSS: 4.8 · AI score: 6.7 · Exploits: 0 · References: 1

NVD
added 2023/05/10 8:15 a.m. · 17 views

CVE-2023-23788

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Florin Arjocu Custom More Link Complete plugin = 1.4.1 versions...

CVSS: 5.9 · AI score: 5.4 · EPSS: 0.00369 · Exploits: 0 · References: 1

CVE
added 2023/05/10 7:15 a.m. · 40 views

CVE-2023-23788

CVE-2023-23788 affects the WordPress plugin Custom More Link Complete by Florin Arjocu, versions

CVSS: 5.9 · AI score: 5 · EPSS: 0.00369 · Exploits: 0 · References: 1 · Affected Software: 1

Code423n4
added 2023/05/04 12:0 a.m. · 10 views

Slashing can be frontrunned

Lines of code Vulnerability details Proof of Concept When attempting to withdraw funds, the user calls queueWithdrawal first. queueWithdrawal checks that the caller is not frozen, then marks the withdrawal as pending. function queueWithdrawal uint256 calldata strategyIndexes, IStrategy calldata...

AI score: 6.8 · Exploits: 0

Tenable Nessus
added 2023/04/19 12:0 a.m. · 119 views

Oracle GoldenGate (April 2023 CPU)

The version of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerabilities in Oracle GoldenGate component: Oracle GoldenGate jackson-databind. Supported versions that are affected are Prior to 19.1.0.0.230418 a...

CVSS: 9.8 · AI score: 6.4 · EPSS: 0.03571 · Exploits: 4 · References: 5

NVD
added 2023/04/18 8:15 p.m. · 19 views

CVE-2023-21964

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogi...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.00842 · Exploits: 0 · References: 1

UbuntuCve
added 2023/04/18 8:15 p.m. · 24 views

CVE-2023-21920

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS: 4.9 · AI score: 6.6 · EPSS: 0.01456 · Exploits: 0 · References: 3

UbuntuCve
added 2023/04/18 8:15 p.m. · 19 views

CVE-2023-21911

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVSS: 4.9 · AI score: 6.6 · EPSS: 0.01372 · Exploits: 0 · References: 3

UbuntuCve
added 2023/04/18 8:15 p.m. · 25 views

CVE-2023-21929

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...

CVSS: 5.5 · AI score: 6.6 · EPSS: 0.01272 · Exploits: 0 · References: 3

Talos Blog
added 2023/04/13 2:39 p.m. · 66 views

Vulnerability Spotlight: Hard-coded password vulnerability could allow attacker to completely take over Lenovo Smart Clock

Kelly Leuschner and Thorsten Rosendahl discovered this vulnerability. Cisco Talos researchers recently discovered a vulnerability in the Lenovo Smart Clock Essential that could allow an attacker to completely take over the device if they have access to the network the clock is connected to...

AI score: 6.6 · EPSS: 0.00405 · Exploits: 0

Code423n4
added 2023/04/12 12:0 a.m. · 12 views

ReraiseETHCrowdfund.sol: Multiple scenarios how pending votes might not be claimable which is a complete loss of funds for a user

Lines of code Vulnerability details Impact This issue is about how the ReraiseETHCrowdfund claim functionality can be broken. When the claim functionality is broken this means that a user cannot claim his voting power, resulting in a complete loss of funds. The claim functionality is not broken i...

AI score: 6.7 · Exploits: 0

Prion
added 2023/04/04 1:15 p.m. · 16 views

Command injection

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover...

CVSS: 7.5 · AI score: 9.7 · EPSS: 0.02288 · Exploits: 0 · References: 1 · Affected Software: 2

OSV
added 2023/03/31 2:16 a.m. · 9 views

MAL-2023-839 Malicious code in tdv2-applet-sports-media (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d5a83b834f080ac2d6014a13d98f1f971219a3547e4ffce139f6a9dea8b26ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 · Exploits: 0 · References: 1