Threat Advisory: 3CX Softphone Supply Chain Compromise

Cisco Talos is tracking and actively responding to a supply chain attack involving the 3CX Desktop Softphone application. This is a multi-stage attack that involves sideloading DLLs, seven-day sleep routines, and additional payloads dependent on a now-removed GitHub repository for Windows-based...

CVE-2023-1741

A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The...

Sql injection

A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The...

CVE-2023-1741 jeecg-boot Sleep Command SysDictMapper.java sql injection

A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The...

CVE-2023-23002

A NULL pointer dereference flaw was found in the Linux kernel’s HCI In-Band Sleep feature over the serial port interfaceH4. This flaw allows a local user to crash the system...

PT-2023-17206 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.0 Description: A vulnerability was found in the file SysDictMapper.java of the component Sleep Command Handler, leading to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public...

sql injection

Description multiple sql injections due to unsanitized concatenating strings into where clause Collaborator: @ub3rsick Proof of Concept - assets controller 1- to trigger the request for sqli: go to files - assets - select a folder - right click - download as zip 2- replay the request to...

The vulnerability of AMD’s SMT processor technology, which allows a hacker to disclose protected information

The vulnerability of AMD’s SMT processor technology is related to errors that occur after the processor’s core exits the C0 sleep state. Exploiting this vulnerability can allow an attacker to disclose protected information i.e., gain access to the RAP Return Address Predictor...

10WebMapBuilder < 1.0.73 - Unauthenticated SQLi

The plugin does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Note: /2022/12/29/map/ is page/post where the GoogleMapsWD is embed POST /2022/12/29/map/ HTTP/1.1 Content-Type:...

SUSE CVE-2010-1861

The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's sleep function to interrupt an internal call to the shmputvar function, which triggers access of a freed resource...

SUSE CVE-2015-5310

The WNM Sleep Mode code in wpasupplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection MFP was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service ignored packets via a...

SUSE CVE-2017-13087

Wi-Fi Protected Access WPA and WPA2 that support 802.11v allows reinstallation of the Group Temporal Key GTK when processing a Wireless Network Management WNM Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients...

SUSE CVE-2022-1975

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space...

January 26, 2023—KB5022360 (OS Build 22621.1194) Preview

January 26, 2023—KB5022360 OS Build 22621.1194 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to...

GSD-2023-1000374 btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.301 by commit...

GSD-2023-1000343 btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.268 by commit...

GSD-2023-1000192 btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.82 by commit...

GSD-2023-1000105 btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

btrfs: qgroup: fix sleep from invalid context bug in btrfsqgroupinherit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...

GSD-2023-1000086 mptcp: fix sleep in atomic at close time

mptcp: fix sleep in atomic at close time This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...

PT-2023-33475 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.19 Description: The issue allows sleep in qed mcp trace dump. The actual impact and attack plausibility have not yet been proven. It was introduced in version v4.9 and fixed in Linux Kernel version v6.0.19...