IS Security CERT Global
- CVE-2023-44270: An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} ...
- CVE-2023-5296: A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The ...
- CVE-2023-5297: A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup ...
- CVE-2023-5294: A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id ...
- CVE-2023-41332 (cilium): Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium ...
- CVE-2023-42487 (soundminer): Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- JVN: Improper input validation vulnerability in Rockwell Automation PanelView 800: PanelView 800 provided by Rockwell Automation contains an improper input validation vulnerability.
- JVN: Multiple vulnerabilities in DEXMA DexGate: DexGate provided by DEXMA contains multiple vulnerabilities.
- ESB-2023.5594 – [Debian] ncurses: CVSS (Max): 6.5. AUSCERT External Security Bulletin Redistribution ESB-2023.5594: ncurses security update, 29 September 2023. Product: ncurses. Publisher: Debian. Operating ...
- ESB-2023.5592 – [Debian] firefox-esr: CVSS (Max): 7.5. AUSCERT External Security Bulletin Redistribution ESB-2023.5592: firefox-esr security update, 29 September 2023. Product: firefox-esr. Publisher: Debian. Operating ...
- ESB-2023.5593 – [Debian] jetty9: CVSS (Max): 5.3. AUSCERT External Security Bulletin Redistribution ESB-2023.5593: jetty9 security update, 29 September 2023. Product: jetty9. Publisher: Debian. Operating ...
- CVE-2023-43014: Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents ...
- CVE-2023-43654: TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write ...
- CVE-2023-44174: Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
- CVE-2023-43739: The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-44165: The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-44163: The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-44168: The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-44164: The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-44167: The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-44166: The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
- CVE-2023-43662: ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint ...
- ESB-2023.5548 – [Cisco] Cisco IOS and IOS XE Software: CVSS (Max): 8.0. AUSCERT External Security Bulletin Redistribution ESB-2023.5548: Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability, 28 September 2023. AusCERT Security Bulletin ...
- ESB-2023.5544 – [Cisco] Cisco IOS XE Software: CVSS (Max): 8.6. AUSCERT External Security Bulletin Redistribution ESB-2023.5544: Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability ...
- ESB-2023.5547 – [Cisco] Cisco IOS and IOS XE Software: CVSS (Max): 6.6. AUSCERT External Security Bulletin Redistribution ESB-2023.5547: Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability, 28 September ...
- ESB-2023.5541 – [Cisco] Cisco IOS XE Software: CVSS (Max): 8.6. AUSCERT External Security Bulletin Redistribution ESB-2023.5541: Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability, 28 ...
- ESB-2023.5543 – [Cisco] Cisco IOS XE Software: CVSS (Max): 8.8. AUSCERT External Security Bulletin Redistribution ESB-2023.5543: Cisco IOS XE Software Web UI Command Injection Vulnerability, 28 September 2023. AusCERT Security Bulletin Summary ...
- ESB-2023.5546 – [Cisco] Cisco IOS XE Software: CVSS (Max): 6.1. AUSCERT External Security Bulletin Redistribution ESB-2023.5546: Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability, 28 September ...
- ESB-2023.5545 – [Cisco] Cisco IOS XE Software: CVSS (Max): 8.6. AUSCERT External Security Bulletin Redistribution ESB-2023.5545: Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability, 28 ...
- ESB-2023.5542 – [Cisco] Cisco IOS XE Software: CVSS (Max): 8.6. AUSCERT External Security Bulletin Redistribution ESB-2023.5542: Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability, 28 September 2023. AusCERT ...
- CVE-2023-43660: Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending ...
- CVE-2023-44080: An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.
- CVE-2023-43233: A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title ...
- CVE-2023-43192: SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy ...
- CVE-2023-41445: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
- CVE-2023-43314: Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.
- CVE-2023-41448: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
- CVE-2023-41451: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
- CVE-2023-43191: JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's ...
- CVE-2023-41453: Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
- CVE-2023-41452: Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
- CVE-2023-41449: An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
- CVE-2023-43320: An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker ...
- CVE-2023-5161: The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on ...
- Notice: CyberNewsFlash "Regarding updates for Apple products (September 2023, No. 2)" (updated)
- Shihonkanri Plus vulnerable to relative path traversal: Shihonkanri Plus contains a relative path traversal vulnerability.
- Emerging technologies make it easier to phish: The European Cybersecurity Month (ECSM) campaign will focus on social engineering, a top cyber threat.
- ESB-2023.5505 – [Virtual] Xen: CVSS (Max): 5.5. AUSCERT External Security Bulletin Redistribution ESB-2023.5505: x86/AMD: Divide speculative information leak, 26 September 2023. Product: Xen. Publisher: ...
- JVN: Multiple vulnerabilities in Panasonic KW Watcher: KW Watcher provided by Panasonic contains multiple vulnerabilities.
- Multiple vulnerabilities in Panasonic KW Watcher: KW Watcher provided by Panasonic contains multiple vulnerabilities.
Title | Category | Tag |
Will you Embrace AI Fast Enough – ATKearney | Artificial Intelligence | Artificial Intelligence AI ATKearney |