Today — 1 June 2023
Main feed

Let's not make the mistake of not listening to Djoko

1 June 2023, 06:58


When the tennis player says that Kosovo is the heart of Serbia he is telling the truth; history is on his side. Those who condemn him fuel tensions and in effect incite the Albanian ethnic group to escalate its provocations. With the never-forgotten aim of creating Greater Albania.

by: Byoblu
1 June 2023, 08:00

WHICH SIDE ARE THE UNIONS REALLY ON TODAY? - Controvento by Diego Fusaro

The union should play the fundamental role of protecting workers' interests. Yet today it too seems to be entirely on the side of capital...

➡️ https://www.byoblu.com/2023/06/01/i-sindacati-oggi-da-che-parte-stanno-davvero-controvento-di-diego-fusaro/

CVE-2023-2598

1 June 2023, 03:15
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.

CVE-2023-28399

1 June 2023, 04:15
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.

CVE-2023-28651

1 June 2023, 04:15
Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.

CVE-2023-28657

1 June 2023, 04:15
Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user.

CVE-2023-28713

1 June 2023, 04:15
Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user.

CVE-2023-28824

1 June 2023, 04:15
Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a database unintended by the user.

CVE-2023-28937

1 June 2023, 04:15
DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, and is common to all users. If an attacker can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the user privilege encrypted in the file.

CVE-2023-29154

1 June 2023, 04:15
SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.

CVE-2023-29748

1 June 2023, 05:15
Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.

CVE-2023-2977

1 June 2023, 03:15
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where the remaining length is wrongly calculated due to a moved starting pointer. This leads to a possible heap-based buffer out-of-bounds read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.