The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...

Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

GHSA-GW42-F939-FHVM Administration Console authentication bypass in openfire xmppserver

An important security issue affects a range of versions of Openfire, the cross-platform real-time collaboration server based on the XMPP protocol that is created by the Ignite Realtime community. Impact Openfire's administrative console the Admin Console, a web-based application, was found to be...

Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "Ultimate Dashboard - Settings -...

WP-Piwik < 1.0.28 - Admin+ Stored XSS

The plugin does not sanitize and escape the plugin display name field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

MailChimp Subscribe Forms < 4.0.9.2 - Admin+ Stored XSS

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...

UBUNTU-CVE-2023-32250

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...

SUSE CVE-2023-32247

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2SESSIONSETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a...

SUSE CVE-2023-32250

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...

SUSE CVE-2023-32253

A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service...

SUSE CVE-2023-32255

A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion...

CVE-2023-1763

Canon IJ Network Tool/Ver.4.7.5 and earlier supported OS: OS X 10.9.5-macOS 13,IJ Network Tool/Ver.4.7.3 and earlier supported OS: OS X 10.7.5-OS X 10.8 allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software...

CVE-2023-1763

Canon IJ Network Tool/Ver.4.7.5 and earlier supported OS: OS X 10.9.5-macOS 13,IJ Network Tool/Ver.4.7.3 and earlier supported OS: OS X 10.7.5-OS X 10.8 allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software...

CVE-2023-1764

Canon IJ Network Tool/Ver.4.7.5 and earlier supported OS: OS X 10.9.5-macOS 13,IJ Network Tool/Ver.4.7.3 and earlier supported OS: OS X 10.7.5-OS X 10.8 allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software...

Linux Kernel ksmbd Session Setup Memory Leak Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. The specific flaw exists within the handling of...

CVE-2023-1764

Canon IJ Network Tool/Ver.4.7.5 and earlier supported OS: OS X 10.9.5-macOS 13,IJ Network Tool/Ver.4.7.3 and earlier supported OS: OS X 10.7.5-OS X 10.8 allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software...

PT-2023-17224 · Canon · Canon Ij Network Tool +1

Name of the Vulnerable Software and Affected Versions: Canon IJ Network Tool versions 4.7.5 and earlier IJ Network Tool versions 4.7.3 and earlier Description: The issue allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the...

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

CVE-2023-2548

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

Authorization

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...