βΌ CVE-2023-30845 βΌ
π Read
via "National Vulnerability Database".
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability.Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.π Read
via "National Vulnerability Database".
π΄ Google 2FA Syncing Feature Could Put Your Privacy at Risk π΄
π Read
via "Dark Reading".
Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud.π Read
via "Dark Reading".
Dark Reading
Google 2FA Syncing Feature Could Put Your Privacy at Risk
Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud.
βΌ CVE-2022-45876 βΌ
π Read
via "National Vulnerability Database".
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1786 βΌ
π Read
via "National Vulnerability Database".
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27107 βΌ
π Read
via "National Vulnerability Database".
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20853 βΌ
π Read
via "National Vulnerability Database".
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24836 βΌ
π Read
via "National Vulnerability Database".
SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28697 βΌ
π Read
via "National Vulnerability Database".
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47758 βΌ
π Read
via "National Vulnerability Database".
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26244 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26243 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20852 βΌ
π Read
via "National Vulnerability Database".
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26245 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2297 βΌ
π Read
via "National Vulnerability Database".
The Profile Builder Γ’β¬β User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22901 βΌ
π Read
via "National Vulnerability Database".
ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administratorΓ’β¬β’s privilege can exploit this vulnerability to access arbitrary system files.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2323 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28770 βΌ
π Read
via "National Vulnerability Database".
The sensitive information exposure vulnerability in the CGI Γ’β¬ΕExport_LogΓ’β¬οΏ½ and the binary Γ’β¬ΕzcmdΓ’β¬οΏ½ in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.π Read
via "National Vulnerability Database".
π’ Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware π’
π Read
via "ITPro".
Microsoft Threat Intelligence noted attacks were facilitated by GoAnywhere vulnerabilities and the Raspberry Robin worm π Read
via "ITPro".
ITPro
Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware
Microsoft Threat Intelligence noted attacks were facilitated by GoAnywhere vulnerabilities and the Raspberry Robin worm
βΌ CVE-2023-1778 βΌ
π Read
via "National Vulnerability Database".
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2327 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2328 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.π Read
via "National Vulnerability Database".