โผ CVE-2023-37861 โผ
๐ Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-26310 โผ
๐ Read
via "National Vulnerability Database".
There is a command injection problem in the old version of the mobile phone backup app.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-33934 โผ
๐ Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-38208 โผ
๐ Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-24471 โผ
๐ Read
via "National Vulnerability Database".
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-37860 โผ
๐ Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-37859 โผ
๐ Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-38213 โผ
๐ Read
via "National Vulnerability Database".
Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-37858 โผ
๐ Read
via "National Vulnerability Database".
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-38209 โผ
๐ Read
via "National Vulnerability Database".
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.๐ Read
via "National Vulnerability Database".
๐ด Closing Coverage Gaps Where Customer Resources Meet Cloud Environments ๐ด
๐ Read
via "Dark Reading".
Protecting the spaces where private, public, and hybrid clouds meet users' technologies requires a cloud-centric approach.๐ Read
via "Dark Reading".
Dark Reading
Closing Coverage Gaps Where Customer Resources Meet Cloud Environments
Protecting the spaces where private, public, and hybrid clouds meet users' technologies requires a cloud-centric approach.
โค1
โผ CVE-2023-31448 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32781 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.๐ Read
via "National Vulnerability Database".
๐1
โผ CVE-2023-31452 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-32782 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31449 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.๐ Read
via "National Vulnerability Database".
โผ CVE-2023-33953 โผ
๐ Read
via "National Vulnerability Database".
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ร Three vectors were found that allow the following DOS attacks:- Unbounded memory buffering in the HPACK parser- Unbounded CPU consumption in the HPACK parserThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.The unbounded memory buffering bugs:- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.- HPACK varints have an encoding quirk whereby an infinite number of 0รขโฌโขs can be added at the start of an integer. gRPCรขโฌโขs hpack parser needed to read all of them before concluding a parse.- gRPCรขโฌโขs metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etcรขโฌยฆ๐ Read
via "National Vulnerability Database".
โผ CVE-2023-31450 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine.๐ Read
via "National Vulnerability Database".
๐ด Why Shellshock Remains a Cybersecurity Threat After 9 Years ๐ด
๐ Read
via "Dark Reading".
Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself.๐ Read
via "Dark Reading".
Dark Reading
Why Shellshock Remains a Cybersecurity Threat After 9 Years
Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself.
๐ด AI Risk Database Tackles AI Supply Chain Risks ๐ด
๐ Read
via "Dark Reading".
The open source tool โ a collaboration between Robust Intelligence, MITRE, and Indiana University โ assesses heavily shared, public machine learning models for risk.๐ Read
via "Dark Reading".
Dark Reading
AI Risk Database Tackles AI Supply Chain Risks
The open source tool โ a collaboration between Robust Intelligence, MITRE, and Indiana University โ assesses heavily shared, public machine learning models for risk.
โผ CVE-2023-3953 โผ
๐ Read
via "National Vulnerability Database".
A CWE-119: Improper Restriction of Operations within the Bounds of a MemoryBuffer vulnerability exists that could cause memory corruption when an authenticated useropens a tampered log file from GP-Pro EX.๐ Read
via "National Vulnerability Database".