‼ CVE-2023-22804 ‼
📖 Read
via "National Vulnerability Database".
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46892 ‼
📖 Read
via "National Vulnerability Database".
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22807 ‼
📖 Read
via "National Vulnerability Database".
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22805 ‼
📖 Read
via "National Vulnerability Database".
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45586 ‼
📖 Read
via "National Vulnerability Database".
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0361 ‼
📖 Read
via "National Vulnerability Database".
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45587 ‼
📖 Read
via "National Vulnerability Database".
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0103 ‼
📖 Read
via "National Vulnerability Database".
If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0102 ‼
📖 Read
via "National Vulnerability Database".
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22806 ‼
📖 Read
via "National Vulnerability Database".
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-22803 ‼
📖 Read
via "National Vulnerability Database".
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.📖 Read
via "National Vulnerability Database".
🕴 3 Ways CISOs Can Lead Effectively and Avoid Burnout 🕴
📖 Read
via "Dark Reading".
Information security is a high-stakes field with sky-high expectations. Here's how CISOs can offset the pressures and stay healthy.📖 Read
via "Dark Reading".
Dark Reading
3 Ways CISOs Can Lead Effectively and Avoid Burnout
Information security is a high-stakes field with sky-high expectations. Here's how CISOs can can offset the pressures and stay healthy.
👍1
🕴 Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future 🕴
📖 Read
via "Dark Reading".
Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.📖 Read
via "Dark Reading".
Dark Reading
Brivo Reveals Top Security Trends for 2023: Convenience Is King in Securing the Hybrid Workplaces of the Future
Factoring user experience and convenience into how employees and tenants access buildings is top concern for security professionals says benchmark industry survey.
🕴 GAO Calls for Improved Data Privacy Protections 🕴
📖 Read
via "Dark Reading".
US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.📖 Read
via "Dark Reading".
Dark Reading
GAO Calls for Improved Data Privacy Protections
US federal watchdog agency outlines key measures for better protecting sensitive data under the federal government's control.
🕴 Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit 🕴
📖 Read
via "Dark Reading".
Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.📖 Read
via "Dark Reading".
Dark Reading
Call for Speakers Now Open for the RH-ISAC Cyber Intelligence Summit
Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.
‼ CVE-2023-23459 ‼
📖 Read
via "National Vulnerability Database".
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23847 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23466 ‼
📖 Read
via "National Vulnerability Database".
Media CP Media Control Panel latest version. Insufficiently protected credential change.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23458 ‼
📖 Read
via "National Vulnerability Database".
Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23464 ‼
📖 Read
via "National Vulnerability Database".
Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-23850 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".