‼ CVE-2023-28575 ‼
via "National Vulnerability Database".
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.
‼ CVE-2023-30795 ‼
via "National Vulnerability Database".
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-28577 ‼
via "National Vulnerability Database".
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel VA to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel VA, which causes a UAF of the kernel address.
‼ CVE-2023-30796 ‼
via "National Vulnerability Database".
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-37373 ‼
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.
‼ CVE-2023-29099 ‼
via "National Vulnerability Database".
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.
‼ CVE-2023-38525 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-38526 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-38527 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-37372 ‼
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.
‼ CVE-2023-38528 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-36692 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions.
‼ CVE-2023-38524 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain a null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
‼ CVE-2023-3717 ‼
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02.
‼ CVE-2023-32503 ‼
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions.
🕴 Dark Reading News Desk: Live at Black Hat USA 2023 🕴
via "Dark Reading".
On Wed Aug 9, Dark Reading News Desk will return to Black Hat USA 2023.
Dark Reading
Dark Reading News Desk at Black Hat USA 2023
Dark Reading News Desk was on air for two whole days during Black Hat USA 2023.
📢 GDPR fines just 6% of the total cost of data breaches 📢
via "ITPro".
Costs are surging as tickbox compliance distracts organizations from proper security
📢 Royal, Hive, Black Basta ransomware gangs "collaborating on cyber attacks" 📢
via "ITPro".
Affiliates from the now-defunct Hive ransomware group could be seeking opportunities with other major dark web players
‼ CVE-2023-37686 ‼
via "National Vulnerability Database".
Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.
‼ CVE-2023-25063 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.
‼ CVE-2023-27415 ‼
via "National Vulnerability Database".
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.