What Is Tsunami Google?
Tsunami is an open-source cybersecurity framework developed by Google. It enables security professionals to conduct large-scale, high-fidelity network security assessments,
CVE-2023-33045 : QUALCOMM 8 GEN 1 MOBILE PLATFORM NAN MANAGEMENT FRAME MEMORY CORRUPTION
Description Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. References https://www.qualcomm.com/company/product-security/bulletins/november-2023-bulletin For More
Best Alternative To Stackpath On WAF And CDN For Web Security
When it comes to maintaining your online presence and increasing website performance, you need a robust WAF (Web Application Firewall)
CVE-2023-47233 : LINUX KERNEL UP TO 6.5.10 USB DEVICE CFG80211.C BRCMF_CFG80211_DETACH USE AFTER FREE
Description The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the
CVE-2023-23368 : QNAP QTS/QUTS HERO/QUTSCLOUD OS COMMAND INJECTION
Description An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability
CVE-2023-42802 : GLPI UP TO 10.0.9 /AJAX INPUT VALIDATION
Description GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10,
CVE-2023-1193 : LINUX KERNEL UP TO 6.3-RC5 KSMBD SETUP_ASYNC_WORK USE AFTER FREE
Description A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in
CVE-2023-22518 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER IMPROPER AUTHORIZATION
Description All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to
What Is A DNS Amplification Attack?
In the realm of cybersecurity, Domain Name System (DNS) amplification attacks have emerged as a significant concern for organizations worldwide.
What is CharGEN Amplification Attack?
The Character Generator (CharGEN) protocol was originally designed for testing and debugging purposes. It allows a client to request a
CVE-2023-36263 : OPARTLIMITQUANTITY MODULE UP TO 1.4.5 ON PRESTASHOP DISPLAYAJAXPUSHALERTMESSAGE SQL INJECTION
Description Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed
CVE-2023-45797 : DREAM SECURITY MAGICLINE4NX UP TO 1.0.0.26 BUFFER OVERFLOW
Description A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. References
CVE-2023-44480 : PROJECT WORLDS LEAVE MANAGEMENT SYSTEM PROJECT 1.0 ADMIN/SETLEAVES.PHP SETCASUALLEAVE SQL INJECTION
Description Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setcasualleave’ parameter of the admin/setleaves.php
CVE-2023-5624 : Tenable Nessus Network Monitor Alter SQL Injection
Description Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin
What Are NTP Amplification Attacks? How To Mitigate NTP Amplification Attacks?
Network Time Protocol (NTP) is a protocol used to synchronize the time across computer systems and networks. It ensures accurate
What Are UDP Floods?
UDP (User Datagram Protocol) is a connectionless protocol that allows data transmission between devices on a network. It is often
CVE-2023-34048 : VMWARE VCENTER SERVER UP TO 6.5 U2/6.7 U2/8.0 U1 DCERPC PROTOCOL OUT-OF-BOUNDS WRITE
Description vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network
What Are JavaScript Supply Chain Attacks? What Are The Techniques Used In JavaScript Supply Chain Attacks?
JavaScript supply chain attacks involve the compromise of trusted JavaScript code libraries or components used in web applications. Attackers exploit
CVE-2023-41089 : DEXMA DEXGATE IMPROPER AUTHENTICATION
Description The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate
CVE-2023-45146 : XXL-RPC DESERIALIZATION
Description XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the
CVE-2022-42920 : ORACLE UTILITIES APPLICATION FRAMEWORK UP TO 4.2.0.3.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0 GENERAL REMOTE CODE EXECUTION
Description Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due
CVE-2023-20198 : CISCO IOS XE WEB UI REMOTE CODE EXECUTION
Description Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS
CVE-2023-45898 : LINUX KERNEL UP TO 6.5.3 FS/EXT4/EXTENTS_STATUS.C EXT4_ES_INSERT_EXTENT USE AFTER FREE
Description The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. References https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a%40huawei.com/T/ https://www.spinics.net/lists/stable-commits/msg317086.html https://lkml.org/lkml/2023/8/13/477 https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec
CVE-2023-4263 : zephyrproject-rtos Zephyr 15.4 IEEE 802.15.4 Driver Buffer Overflow
Description Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver. References https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf For More Information CVERecord