โผ CVE-2023-27107 โผ
๐ Read
via "National Vulnerability Database".
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-20853 โผ
๐ Read
via "National Vulnerability Database".
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24836 โผ
๐ Read
via "National Vulnerability Database".
SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28697 โผ
๐ Read
via "National Vulnerability Database".
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2022-47758 โผ
๐ Read
via "National Vulnerability Database".
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26244 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26243 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-20852 โผ
๐ Read
via "National Vulnerability Database".
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26245 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2297 โผ
๐ Read
via "National Vulnerability Database".
The Profile Builder รขโฌโ User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-22901 โผ
๐ Read
via "National Vulnerability Database".
ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administratorรขโฌโขs privilege can exploit this vulnerability to access arbitrary system files.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2323 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-28770 โผ
๐ Read
via "National Vulnerability Database".
The sensitive information exposure vulnerability in the CGI รขโฌลExport_Logรขโฌ๏ฟฝ and the binary รขโฌลzcmdรขโฌ๏ฟฝ in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.๐ Read
via "National Vulnerability Database".
๐ข Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware ๐ข
๐ Read
via "ITPro".
Microsoft Threat Intelligence noted attacks were facilitated by GoAnywhere vulnerabilities and the Raspberry Robin worm ๐ Read
via "ITPro".
ITPro
Microsoft links PaperCut server attacks to Cl0p, LockBit ransomware
Microsoft Threat Intelligence noted attacks were facilitated by GoAnywhere vulnerabilities and the Raspberry Robin worm
โผ CVE-2023-1778 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2327 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-2328 โผ
๐ Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
๐ด Tenable Makes Generative AI Security Tools Available to the Research Community ๐ด
๐ Read
via "Dark Reading".
๐ Read
via "Dark Reading".
Dark Reading
Tenable Makes Generative AI Security Tools Available to the Research Community
COLUMBIA, Md. and RSA Conference 2023 (April 27, 2023) โ Tenableยฎ, the Exposure Management company, today published a new report outlining the use of generative AI to build new security research tools. The report, titled โHow Generative AI is Changing Securityโฆ
๐ด Combating Kubernetes โ the Newest IAM Challenge ๐ด
๐ Read
via "Dark Reading".
IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals.๐ Read
via "Dark Reading".
Dark Reading
Combating Kubernetes โ the Newest IAM Challenge
IT leaders need to ensure Kubernetes clusters don't become a gateway for cybercriminals.
โค1
โผ CVE-2023-2336 โผ
๐ Read
via "National Vulnerability Database".
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-29255 โผ
๐ Read
via "National Vulnerability Database".
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.๐ Read
via "National Vulnerability Database".