CVE-2023-2269 : LINUX KERNEL 6.2.0 IOCTL.C DM_GET_INACTIVE_TABLE DEADLOCK
Description A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in
What Is Insecure Deserialization? How To Protect The Application From Insecure Deserialization Attacks?
What is Serialization? Serialization is the process of turning an item into a format that can be transmitted over a
CVE-2023-28771 : ZYXEL USG/USG FLEX/VPN/ATP ERROR MESSAGE OS COMMAND INJECTION
Description Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through
What Is A Security Misconfiguration?
What Is Security Misconfiguration? What Is Security Misconfiguration? Security misconfiguration refers to the failure to properly configure and maintain the
CVE-2023-30621 : GIPSY UP TO 1.2 ON DISCORD PING OS COMMAND INJECTION
Description Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior
CVE-2023-20864 : VMWARE ARIA OPERATIONS FOR LOGS UP TO 8.8.X/8.10.2 DESERIALIZATION
Description VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria
CVE-2023-23451 : SICK FX0-GMOD00010 TELNET OBSOLETE FUNCTION
Description The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04
What Is XML External Entity Injection? How To Prevent XXE Attacks?
Have you ever wondered how important XML is? And how insecure it can be if XML is parsed in an
CVE-2023-28004 : SCHNEIDER ELECTRIC POWERLOGIC HDPM6000 ETHERNET REQUEST ARRAY INDEX
Description A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in
What Is Account Aggregation And How It Can Be Prevented?
Automated threats identified by the OWASP organization are malicious activities performed by automated tools. Account aggregation is one such automated
CVE-2023-30547 : VM2 UP TO 3.9.16 HANDLEEXCEPTION INJECTION
Description vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. There exists a vulnerability in
CVE-2023-1803 : REDLINE ROUTER PRIOR 7.17 AUTHENTICATION BYPASS BY ALTERNATE NAME
Description Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router:
CVE-2022-33211 : QUALCOMM WCD9330 MODEM MEMORY CORRUPTION
Description memory corruption in modem due to improper check while calculating size of serialized CoAP message. References https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin For More
CVE-2023-27216 : D-LINK DSL-3782 1.03 NETWORK SETTING PRIVILEGE ESCALATION
Description An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the
What Is Components With Known Vulnerabilities? How To Mitigate The Risks Associated With The Usage Of Such Components?
Using vulnerable and outdated components is the sixth category in OWASP Top 10 web application security risks and one of
CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION
Description Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent – version 720, allows
What Is Cross-site Scripting?
All about Cross-site Scripting Cross-site scripting (XSS) is a type of web vulnerability that allows attackers to inject malicious scripts
CVE-2023-27876 : IBM TRIRIGA 4.0 XML EXTERNAL ENTITY REFERENCE
Description IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote
CVE-2023-28051 : DELL POWER MANAGER UP TO 3.10 ACCESS CONTROL
Description Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit
CVE-2023-0750 : YELLOBRIK PEC-1864 CLIENT-SIDE ENFORCEMENT OF SERVER-SIDE SECURITY
Description Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the
CVE-2023-20102 : CISCO SECURE NETWORK ANALYTICS HTTP REQUEST DESERIALIZATION
Description A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to
What Is Meant By Broken Access Control?
What is meant by Broken Access Control? Broken access control is the first category in OWASP Top 10 web application
CVE-2023-1752 : NEXX NXG-100B/NXG-200/NXPG-100W/NXAL-100 MAC ADDRESS IMPROPER AUTHENTICATION
Description The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or
CVE-2023-1765 : AKBIM COMPUTER PANON UP TO 1.0.1 SQL INJECTION
Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL