βΌ CVE-2022-4608 βΌ
π Read
via "National Vulnerability Database".
A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38647 βΌ
π Read
via "National Vulnerability Database".
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution.Γ The code can be run in Helix REST start and Workflow creation.Affect all the versions lower and include 1.2.0.Affected products: helix-core, helix-restMitigation: Short term, stop using any YAML based configuration and workflow creation.Γ Γ Γ Γ Γ Γ Γ Γ Γ Long term, all Helix version bumping up to 1.3.0Γ π Read
via "National Vulnerability Database".
βΌ CVE-2023-38433 βΌ
π Read
via "National Vulnerability Database".
Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2023-20891 βΌ
π Read
via "National Vulnerability Database".
The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs.Γ A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38670 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28130 βΌ
π Read
via "National Vulnerability Database".
Local user may lead to privilege escalation using Gaia Portal hostnames page.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38671 βΌ
π Read
via "National Vulnerability Database".
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38669 βΌ
π Read
via "National Vulnerability Database".
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.π Read
via "National Vulnerability Database".
π’ Attack on third-party software vendor disrupts NHS ambulance services π’
π Read
via "ITPro".
The ambulance services serve more than 10 million people across the south of England π Read
via "ITPro".
ITPro
Attack on third-party software vendor disrupts NHS ambulance services
The ambulance services serve more than 10 million people across the south of England
π’ Crackdown on crypto needed to curb cyber crime, says expert π’
π Read
via "ITPro".
Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in π Read
via "ITPro".
ITPro
Crackdown on crypto needed to curb cyber crime, says expert
Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
π’ C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away' π’
π Read
via "ITPro".
Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says π Read
via "ITPro".
ITPro
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'
Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
βΌ CVE-2023-39261 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissionsπ Read
via "National Vulnerability Database".
βΌ CVE-2023-38673 βΌ
π Read
via "National Vulnerability Database".
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted inΓ the ability to execute arbitrary commands on the operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38672 βΌ
π Read
via "National Vulnerability Database".
FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37049 βΌ
π Read
via "National Vulnerability Database".
emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30577 βΌ
π Read
via "National Vulnerability Database".
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30949 βΌ
π Read
via "National Vulnerability Database".
A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3414 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information.Γ To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3442 βΌ
π Read
via "National Vulnerability Database".
A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information.Γ To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3242 βΌ
π Read
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime: <G4.93.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28013 βΌ
π Read
via "National Vulnerability Database".
HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.π Read
via "National Vulnerability Database".