Intel® Optane™ DC Persistent Memory Module Management Software Advisory

Summary: A potential security vulnerability in Intel® Optane™ DC Persistent Memory Module Management Software may allow escalation of privilege and denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0546...

CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...

CVE-2023-26470 In XWiki Platform, saving a document with a large object number leads to persistent OOM errors

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object to a page with a huge number e.g. 67108863. Most of the time this will fill the memory allocated to XWiki and make it unusable every...

LAPS : Randomizing Local Admin Passwords in Non-persistent Environments

Use LAPS inLocal Admin Passwords for Non-persistent Environments...

PUB-A-244713323

In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-246539931

In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-246750467

In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

PUB-A-246749764

In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...

PT-2023-2101 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue is related to an insufficient session expiration in the command line interface of ArubaOS. This allows an attacker to maintain a session on an affected device even after the accou...

CVE-2022-20455

In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data

A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal. The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete...

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-lan...

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

An open source command-and-control C2 framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023...

CVE-2023-25811

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma name parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVE-2023-25810

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

Cross site scripting

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

Cross site scripting

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma name parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVE-2023-25811 Persistent Cross site scripting (XSS) in Uptime Kuma

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma name parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVE-2023-25811

CVE-2023-25811 describes a persistent cross-site scripting (XSS) vulnerability in Uptime Kuma before version 1.20.0, caused by the web UI field used for the application name. The untrusted value in the name parameter can be stored and later rendered, enabling a persistent XSS attack as noted in m...

CVE-2023-25811 Persistent Cross site scripting (XSS) in Uptime Kuma

Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma name parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability...