‼ CVE-2023-31171 ‼
via "National Vulnerability Database".
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
‼ CVE-2023-4683 ‼
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
‼ CVE-2023-41717 ‼
via "National Vulnerability Database".
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.
‼ CVE-2023-31170 ‼
via "National Vulnerability Database".
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
‼ CVE-2023-41743 ‼
via "National Vulnerability Database".
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.
‼ CVE-2023-31167 ‼
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.
‼ CVE-2023-31172 ‼
via "National Vulnerability Database".
An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
‼ CVE-2023-4682 ‼
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
‼ CVE-2023-31174 ‼
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
‼ CVE-2023-31169 ‼
via "National Vulnerability Database".
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
‼ CVE-2023-31173 ‼
via "National Vulnerability Database".
Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
‼ CVE-2023-34391 ‼
via "National Vulnerability Database".
Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.
‼ CVE-2023-4681 ‼
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.
‼ CVE-2023-4678 ‼
via "National Vulnerability Database".
Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.
‼ CVE-2023-34392 ‼
via "National Vulnerability Database".
A Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
‼ CVE-2023-31168 ‼
via "National Vulnerability Database".
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.
‼ CVE-2023-31175 ‼
via "National Vulnerability Database".
An Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.
‼ CVE-2023-41744 ‼
via "National Vulnerability Database".
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.
🕴 Paramount, Forever 21 Data Breaches Set Stage for Follow-On Attacks 🕴
via "Dark Reading".
The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted.
🕴 Apple iPhone 14 Pro Offered Up to the Hacking Masses 🕴
via "Dark Reading".
Since launching in 2019, the Security Device Research Program has discovered 130 critical vulnerabilities; applications are now open for Apple's 2024 iteration.
🕴 UK Agrees to Support Kuwait's Cybersecurity Center 🕴
via "Dark Reading".
The UK has agreed to help the Kuwaitis meet their stated goal of information-sharing and achieving globally coordinated incident response going forward.