Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-29770: Authenticated - Unrestricted file upload · Issue #384 · sapplica/sentrifugo

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.

CVE
Open in Source
#vulnerability#web#mac#apache#js#intel#php#perl#auth#firefox#sap#ssl
CVE-2023-49145: Apache NiFi Security Reports

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, then arbitrary JavaScript code can be executed within the session context of the authenticated user. Upgrading to Apache NiFi 1.24.0 or 2.0.0-M1 is the recommended mitigation.

CVE-2023-49046: IOT_VULN/Tenda/AX1803/formAddMacfilterRule.md at main · Anza2001/IOT_VULN

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

CVE-2023-40194: TALOS-2023-1833 || Cisco Talos Intelligence Group

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Gentoo Linux Security Advisory 202311-18

Gentoo Linux Security Advisory 202311-18 - Multiple vulnerabilities have been discovered in GLib. Versions greater than or equal to 2.74.4 are affected.

Gentoo Linux Security Advisory 202311-17

Gentoo Linux Security Advisory 202311-17 - Multiple vulnerabilities have been discovered in phpMyAdmin, the worst of which allows for denial of service. Versions greater than or equal to 5.2.0 are affected.

Gentoo Linux Security Advisory 202311-16

Gentoo Linux Security Advisory 202311-16 - Multiple denial of service vulnerabilities have been found in Open vSwitch. Versions greater than or equal to 2.17.6 are affected.

Gentoo Linux Security Advisory 202311-15

Gentoo Linux Security Advisory 202311-15 - Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. Versions greater than or equal to 7.5.3.2 are affected.

CSZ CMS 1.3.0 Remote Command Execution

CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority," the U.S.