CVE-2023-23298 (via National Vulnerability Database)
The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVE-2023-23300 (via National Vulnerability Database)
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.
CVE-2023-23303 (via National Vulnerability Database)
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware.
CVE-2023-31860 (via National Vulnerability Database)
Wuzhi CMS v3.1.2 has a stored XSS vulnerability in the backend of the Five Finger CMS b2b system.
CVE-2023-23302 (via National Vulnerability Database)
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the execution of the device's firmware.
CVE-2023-23305 (via National Vulnerability Database)
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
CVE-2023-31517 (via National Vulnerability Database)
Teeworlds v0.7.5 was discovered to contain memory leaks.
CVE-2023-23304 (via National Vulnerability Database)
The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.
CVE-2023-1508 (via National Vulnerability Database)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3.
CVE-2023-23299 (via National Vulnerability Database)
The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.
CVE-2023-2703 (via National Vulnerability Database)
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07.
CVE-2023-23306 (via National Vulnerability Database)
The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware.
CVE-2023-30382 (via National Vulnerability Database)
A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters.
CVE-2023-31759 (via National Vulnerability Database)
Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.
CVE-2023-31761 (via National Vulnerability Database)
Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-31763 (via National Vulnerability Database)
Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-2496 (via National Vulnerability Database)
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server, which may make remote code execution possible.
CVE-2023-2498 (via National Vulnerability Database)
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-31762 (via National Vulnerability Database)
Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.
CVE-2023-2494 (via National Vulnerability Database)
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.
Rogue IT worker extorted company after hijacking ransomware attack (via ITPro)
Liles' involvement in the scheme was revealed after unauthorized email access was traced to his home address.