Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-48914: cms/There is a csrf in the newly added section of article management.md at main · Tiamat-ron/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

CVE
Open in Source
#csrf#vulnerability#git
CVE-2023-48964: GitHub - daodaoshao/vul_tenda_i6_2

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet.

CVE-2023-48963: GitHub - daodaoshao/vul_tenda_i6_1

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget.

CVE-2023-48912: cms/There is a csrf in the article management modification section.md at main · Tiamat-ron/cms

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail. "RETVec is trained to be resilient against character-level manipulations including insertion, deletion, typos, homoglyphs, LEET substitution, and more," according to the project's

New SugarGh0st RAT targets Uzbekistan government and South Korea

Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”

Ubuntu Security Notice USN-6523-1

Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.

Online Student Clearance System 1.0 Shell Upload

Online Student Clearance System versions 1.0 and below suffer from a remote shell upload vulnerability.

GHSA-77jg-cpw9-73vg: Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

Delta Electronics DOPSoft

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics products are affected: DOPSoft: All versions 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 The affected product is vulnerable to a stack-based buffer overflow which may allow to remote code execution if an attacker can lead a legitimate user to execute a specially crafted file. CVE-2023-5944 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Natnael Sam...