βΌ CVE-2023-2838 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.π Read
via "National Vulnerability Database".
π΄ Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations π΄
π Read
via "Dark Reading".
The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.π Read
via "Dark Reading".
Dark Reading
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations
The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.
π΄ PyPI Shuts Down Over the Weekend, Says Incident Was Overblown π΄
π Read
via "Dark Reading".
The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.π Read
via "Dark Reading".
Dark Reading
PyPI Shuts Down Over the Weekend, Says Incident Was Overblown
The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.
π΄ Improving Cybersecurity Requires Building Better Public-Private Cooperation π΄
π Read
via "Dark Reading".
Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.π Read
via "Dark Reading".
Dark Reading
Improving Cybersecurity Requires Building Better Public-Private Cooperation
Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.
βΌ CVE-2023-28412 βΌ
π Read
via "National Vulnerability Database".
When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31816 βΌ
π Read
via "National Vulnerability Database".
IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31240 βΌ
π Read
via "National Vulnerability Database".
Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28386 βΌ
π Read
via "National Vulnerability Database".
Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-29838 βΌ
π Read
via "National Vulnerability Database".
Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28649 βΌ
π Read
via "National Vulnerability Database".
The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31193 βΌ
π Read
via "National Vulnerability Database".
Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31245 βΌ
π Read
via "National Vulnerability Database".
Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the deviceΓ’β¬β’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25183 βΌ
π Read
via "National Vulnerability Database".
In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31689 βΌ
π Read
via "National Vulnerability Database".
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31241 βΌ
π Read
via "National Vulnerability Database".
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2505 βΌ
π Read
via "National Vulnerability Database".
The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47320 βΌ
π Read
via "National Vulnerability Database".
The iBoot deviceΓ’β¬β’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2504 βΌ
π Read
via "National Vulnerability Database".
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4945 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47311 βΌ
π Read
via "National Vulnerability Database".
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46738 βΌ
π Read
via "National Vulnerability Database".
The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.π Read
via "National Vulnerability Database".