Update now! February's Patch Tuesday tackles three zero-days
The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...
WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...
WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery Vulnerability
WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSR...
WordPress Quiz And Survey Master 8.0.8 Media Deletion
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...
WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSRF CWE-352 Date found: 2023-01-13 Date published: 2023-02-08 CVSSv3 Scor...
GitLab GitHub Repo Import Deserialization Remote Code Execution Exploit
An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when...
CVE-2022-47507
CVE-2022-47507 describes a Deserialization of Untrusted Data weakness in SolarWinds Platform (SolarWinds Network Performance Monitor/Web Console context). Public sources note that an attacker with Orion admin‑level access can execute arbitrary commands, with some sources indicating remote code ex...
GitLab GitHub Repo Import Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GitHub Repo Import Deserialization RCE', 'Description' = %q An authenticated user can import a repository from GitHub into GitLab. If a us...
Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022729)
This host is missing an important security update according to Microsoft KB5022729 Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022782)
This host is missing an important security update according to Microsoft KB5022782 Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022727)
This host is missing an important security update according to Microsoft KB5022727 Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Microsoft Office Outlook 2019 RCE Vulnerability (Feb 2023) - Mac OS X
This host is missing an important security update for Microsoft Office Outlook 2019 on Mac OS X according to Microsoft security update February 2023 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...
Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022728)
This host is missing an important security update according to Microsoft KB5022728 Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
CVE-2023-21808
CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...
CVE-2023-21808 .NET and Visual Studio Remote Code Execution Vulnerability
...
CVE-2023-21716 Microsoft Word Remote Code Execution Vulnerability
...
CVE-2023-21703
CVE-2023-21703 affects Azure Data Box Gateway. The connected documents describe a Remote Code Execution vulnerability caused by insufficient access restrictions in Azure Data Box Gateway, enabling an attacker to execute arbitrary code remotely. The issue is tracked across multiple sources, with M...
CVE-2023-21805
Technical details about CVE-2023-21805 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-21797 Microsoft ODBC Driver Remote Code Execution Vulnerability
...
Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical", 64 are classified as "Important", and one is classified as "Moderate." According to Microsoft, none of the vulnerabilities has been publicly...