Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-31486: security - Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules

HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

CVE
Open in Source
#web#mac#windows#linux#git#php#perl#auth#ssl
Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-26781: SQL injection exists in your project · Issue #1 · chshcms/mccms

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.

CVE-2023-26021: IBM® Db2® is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. (CVE-2023-26021)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.

CVE-2023-1966: Illumina Universal Copy Service Vulnerability

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.

CVE-2023-26022: IBM Db2 denial of service CVE-2023-26022 Vulnerability Report

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

CVE-2023-27555: IBM® Db2® is vulnerable to a denial of service as the server may crash when when attempting to use ACR client affinity for unfenced DRDA federation wrappers. (CVE-2023-27555)

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

CVE-2023-25930: IBM X-Force Exchange

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.

CVE-2023-2371: bug_report/SQLi-1.md at main · yoyoyoyoyohane/bug_report

A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.