CVE-2023-42520

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client...

CVE-2023-42524

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security...

CVE-2023-42522

Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecu...

CVE-2023-42526

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Clien...

Oracle Linux 8 : mariadb:10.3 (ELSA-2019-3708)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3708 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6....

CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy

knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...

CVE-2023-41034 DDFFileParser in eclipse leshan is vulnerable to XXE Attacks

Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE Attacks. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if the...

CVE-2023-37379

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

PT-2023-11653 · Red Hat · Spice-Server

Name of the Vulnerable Software and Affected Versions: spice-server version 0.14.0-6.el7 6.1.x86 64 Description: A security issue was discovered in Redhat's VDI product, allowing a KVM virtual machine to be restarted without authorization. The full extent of the effects is not yet known...

Path traversal

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...

CVE-2023-26469

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...

ESET Eset Endpoint Antivirus and Eset Server Security Security Vulnerabilities

ESET Eset Endpoint Antivirus and Eset Server Security are both products of ESET Slovakia.Eset Endpoint Antivirus is an on-premise and cloud-based anti-malware and security suite for small, medium and large organizations. Used for anti-malware, remote management, endpoint security, file security,...

CVE-2023-39523 ScanCode.io command injection in docker image fetch process

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. In the...

CVE-2023-4141

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...

A Better Way to Secure Servers & Cloud Workloads

Why endpoint security falls short in the complexity of modern IT infrastructure...

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year...

CVE-2023-32637

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server...

CVE-2022-46900

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to...

CVE-2023-32252

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to creat...

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state,...