βΌ CVE-2023-37551 βΌ
π Read
via "National Vulnerability Database".
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3669 βΌ
π Read
via "National Vulnerability Database".
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.π Read
via "National Vulnerability Database".
βΌ CVE-2023-22314 βΌ
π Read
via "National Vulnerability Database".
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37552 βΌ
π Read
via "National Vulnerability Database".
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553,Γ CVE-2023-37554,Γ CVE-2023-37555 andΓ CVE-2023-37556.π Read
via "National Vulnerability Database".
βΌ CVE-2023-37559 βΌ
π Read
via "National Vulnerability Database".
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558π Read
via "National Vulnerability Database".
βΌ CVE-2023-37546 βΌ
π Read
via "National Vulnerability Database".
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550π Read
via "National Vulnerability Database".
βΌ CVE-2023-37556 βΌ
π Read
via "National Vulnerability Database".
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different toΓ CVE-2023-37552,Γ CVE-2023-37553,Γ CVE-2023-37554 and CVE-2023-37555.π Read
via "National Vulnerability Database".
π Lynis Auditing Tool 3.0.9 π
π Read
via "Packet Storm Security".
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.π Read
via "Packet Storm Security".
Packetstormsecurity
Lynis Auditing Tool 3.0.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π’ Top 12 most-exploited security vulnerabilities revealed by national cyber security agencies π’
π Read
via "ITPro".
Cyber leaders from the Five Eyes alliance said attackers favor older vulnerabilities rather than new ones π Read
via "ITPro".
ITPro
Top 12 most-exploited security vulnerabilities revealed by national cyber security agencies
Cyber leaders from the Five Eyes alliance said attackers favor older vulnerabilities rather than new ones
π΄ Russia's 'Midnight Blizzard' Hackers Launch Flurry of Microsoft Teams Attacks π΄
π Read
via "Dark Reading".
The Nobelium APT is launching highly targeted Teams-based phishing attacks on government and industrial targets using compromised Microsoft 365 tenants, with the aim of data theft and cyber espionage.π Read
via "Dark Reading".
Dark Reading
Russia's 'Midnight Blizzard' Hackers Launch Flurry of Microsoft Teams Attacks
The Nobelium APT is launching highly targeted Teams-based phishing attacks on government and industrial targets using compromised Microsoft 365 tenants, with the aim of data theft and cyber espionage.
βΌ CVE-2023-4136 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4132 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4138 βΌ
π Read
via "National Vulnerability Database".
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2754 βΌ
π Read
via "National Vulnerability Database".
The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28468 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.π Read
via "National Vulnerability Database".
βΌ CVE-2023-4133 βΌ
π Read
via "National Vulnerability Database".
A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2023-39096 βΌ
π Read
via "National Vulnerability Database".
WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.π Read
via "National Vulnerability Database".
βΌ CVE-2023-25600 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3766 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attackerΓ with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.π Read
via "National Vulnerability Database".
βΌ CVE-2023-36298 βΌ
π Read
via "National Vulnerability Database".
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).π Read
via "National Vulnerability Database".
βΌ CVE-2023-38812 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".