βΌ CVE-2023-3259 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rouge database.Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user informationπ Read
via "National Vulnerability Database".
βΌ CVE-2023-40291 βΌ
π Read
via "National Vulnerability Database".
Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40295 βΌ
π Read
via "National Vulnerability Database".
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40274 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3260 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter.An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3261 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40293 βΌ
π Read
via "National Vulnerability Database".
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40292 βΌ
π Read
via "National Vulnerability Database".
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40296 βΌ
π Read
via "National Vulnerability Database".
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40283 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3262 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40294 βΌ
π Read
via "National Vulnerability Database".
libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c.π Read
via "National Vulnerability Database".
π¦Ώ Media Disposal Policy π¦Ώ
π Read
via "Tech Republic".
An organizationβs data and information possess tremendous value and must always be safeguarded. This policy from TechRepublic Premium helps ensure an organizationβs storage media are properly cleansed and sanitized prior to disposal, recycling or donation. From the policy: When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires ...π Read
via "Tech Republic".
TechRepublic
Media Disposal Policy
An organizationβs data and information possess tremendous value and must always be safeguarded. This policy from TechRepublic Premium helps ensure an
β€1
βΌ CVE-2023-3266 βΌ
π Read
via "National Vulnerability Database".
A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3267 βΌ
π Read
via "National Vulnerability Database".
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3264 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3265 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an administrator with hardcoded default credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40305 βΌ
π Read
via "National Vulnerability Database".
GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3263 βΌ
π Read
via "National Vulnerability Database".
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.π Read
via "National Vulnerability Database".
βΌ CVE-2023-40303 βΌ
π Read
via "National Vulnerability Database".
GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.π Read
via "National Vulnerability Database".
π΄ 5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments π΄
π Read
via "Dark Reading".
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.π Read
via "Dark Reading".
Dark Reading
5 Ways CISA Can Help Cyber-Poor Small Businesses & Local Governments
Adopting these recommendations will help SMBs and public-sector agencies that must deal with the same questions of network security and data safety as their larger cousins, but without the same resources.