‼ CVE-2022-48474 ‼
via "National Vulnerability Database".
Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process.
‼ CVE-2023-37875 ‼
via "National Vulnerability Database".
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS). This issue affects Wing FTP Server: <= 7.2.0.
‼ CVE-2023-37881 ‼
via "National Vulnerability Database".
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.
‼ CVE-2023-3039 ‼
via "National Vulnerability Database".
SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.
‼ CVE-2023-26142 ‼
via "National Vulnerability Database".
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.
‼ CVE-2022-24093 ‼
via "National Vulnerability Database".
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
‼ CVE-2023-37878 ‼
via "National Vulnerability Database".
Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.
‼ CVE-2022-4896 ‼
via "National Vulnerability Database".
Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.
‼ CVE-2023-37879 ‼
via "National Vulnerability Database".
Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation. This issue affects Wing FTP Server: <= 7.2.0.
‼ CVE-2022-48475 ‼
via "National Vulnerability Database".
Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the administrator tries to accept or delete the print query created by the request.
📢 MGM Resorts back online after suspected ransomware attack 📢
via "ITPro".
The company’s casinos and hotels experienced severe disruption, with financial impacts of the outage expected to be significant
‼ CVE-2023-40726 ‼
via "National Vulnerability Database".
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database.
‼ CVE-2023-40729 ‼
via "National Vulnerability Database".
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information.
‼ CVE-2023-41032 ‼
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)
‼ CVE-2023-38076 ‼
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)
‼ CVE-2023-4759 ‼
via "National Vulnerability Database".
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0
In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
‼ CVE-2023-40725 ‼
via "National Vulnerability Database".
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.
‼ CVE-2023-40728 ‼
via "National Vulnerability Database".
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.
‼ CVE-2023-38075 ‼
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)
‼ CVE-2023-38073 ‼
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)
‼ CVE-2023-38071 ‼
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)