‼ CVE-2023-44082 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38640 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44087 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30527 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries.This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30900 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44083 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44081 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43625 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35796 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43787 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43788 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41085 ‼
📖 Read
via "National Vulnerability Database".
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43746 ‼
📖 Read
via "National Vulnerability Database".
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43785 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43485 ‼
📖 Read
via "National Vulnerability Database".
When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40534 ‼
📖 Read
via "National Vulnerability Database".
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43611 ‼
📖 Read
via "National Vulnerability Database".
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41253 ‼
📖 Read
via "National Vulnerability Database".
When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45226 ‼
📖 Read
via "National Vulnerability Database".
The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43786 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44763 ‼
📖 Read
via "National Vulnerability Database".
Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail" file upload, which allows Cross-Site Scripting (XSS).📖 Read
via "National Vulnerability Database".