🕴 Remcos RAT Targets Tax Pros to Scurry Off With Workers' Filing Info 🕴
📖 Read
via "Dark Reading".
Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.📖 Read
via "Dark Reading".
Dark Reading
Remcos RAT Targets Tax Pros to Scurry Off With Workers' Filing Info
Something exciting to liven up tax season: cybercriminals accessing sensitive personal information for individuals through the army of accountants preparing for Tax Day in the US.
‼ CVE-2023-26412 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27748 ‼
📖 Read
via "National Vulnerability Database".
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26410 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20866 ‼
📖 Read
via "National Vulnerability Database".
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27667 ‼
📖 Read
via "National Vulnerability Database".
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27747 ‼
📖 Read
via "National Vulnerability Database".
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26414 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-1271 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** Duplicate. Please use CVE-2023-24421.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22951 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-29573 ‼
📖 Read
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26409 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26413 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26411 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27746 ‼
📖 Read
via "National Vulnerability Database".
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-26398 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24509 ‼
📖 Read
via "National Vulnerability Database".
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26415 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20863 ‼
📖 Read
via "National Vulnerability Database".
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-48468 ‼
📖 Read
via "National Vulnerability Database".
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-26416 ‼
📖 Read
via "National Vulnerability Database".
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".