‼ CVE-2021-32422 ‼
via "National Vulnerability Database".
dpic 2021.01.01 has a global buffer overflow in the yylex() function in main.c and reads outside the bounds of the array.
‼ CVE-2023-36281 ‼
via "National Vulnerability Database".
An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via a JSON file supplied to the load_prompt parameter.
‼ CVE-2021-46174 ‼
via "National Vulnerability Database".
Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.
‼ CVE-2023-37425 ‼
via "National Vulnerability Database".
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
‼ CVE-2023-37427 ‼
via "National Vulnerability Database".
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
‼ CVE-2020-21710 ‼
via "National Vulnerability Database".
A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of a crafted PDF file.
‼ CVE-2023-4212 ‼
via "National Vulnerability Database".
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.
‼ CVE-2022-36648 ‼
via "National Vulnerability Database".
The hardware emulation in the of_dpa_cmd_add_l2_flood of the rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via executing a malformed program in the guest OS.
‼ CVE-2022-48538 ‼
via "National Vulnerability Database".
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
‼ CVE-2023-37434 ‼
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database, potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.
‼ CVE-2020-20813 ‼
via "National Vulnerability Database".
Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via a crafted reset packet.
‼ CVE-2023-38666 ‼
via "National Vulnerability Database".
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.
‼ CVE-2023-39599 ‼
via "National Vulnerability Database".
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
‼ CVE-2022-45611 ‼
via "National Vulnerability Database".
An issue discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via capture of user login information.
‼ CVE-2020-21687 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via a crafted asm file.
‼ CVE-2023-24514 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users' session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.
‼ CVE-2020-25887 ‼
via "National Vulnerability Database".
Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.
‼ CVE-2023-37424 ‼
via "National Vulnerability Database".
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
🕴 Controversial Cybercrime Law Passes in Jordan 🕴
via "Dark Reading".
The increase in cyberattacks against the Middle East in the last few years has pressured Jordan and other nations to better secure their infrastructures.
🕴 Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist 🕴
via "Dark Reading".
The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.
🕴 Forescout Joins MISA and Announces Integration With Microsoft Sentinel 🕴
via "Dark Reading".
San Jose, CA. August 22, 2023 – Forescout, a global cybersecurity leader, today announced integrations with Microsoft Sentinel as part of a broader initiative to support the Microsoft Security portfolio. These integrations will deliver real-time visibility…