This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability.

Read More

Multiple vulnerabilities have been discovered in Fortinet Products, the most severe of which could allow for arbitrary code execution. Fortinet has several products that are able to deliver high-performance network security solutions that protect your network, users, and data from continually evolving threats.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor’s position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that “Auto-fill on page load” is not enabled by default.

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More