‼ CVE-2023-35965 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-31272 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-27380 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34356 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4936 ‼
📖 Read
via "National Vulnerability Database".
It is possible to sideload a compromised DLL during the installation at elevated privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34354 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35194 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35968 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-34365 ‼
📖 Read
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35193 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.📖 Read
via "National Vulnerability Database".
🕴 Gaza Conflict: How Israeli Cybersecurity Will Respond 🕴
📖 Read
via "Dark Reading".
The Israeli-Hamas war will most assuredly impact businesses when it comes to ramped-up cyberattacks. Experts say that Israel's considerable collection of cybersecurity vendors be a major asset on the cyber-front.📖 Read
via "Dark Reading".
Dark Reading
Gaza Conflict: How Israeli Cybersecurity Will Respond
The Israeli-Hamas war will most assuredly impact businesses when it comes to ramped-up cyberattacks. Experts say that Israel's considerable collection of cybersecurity vendors be a major asset on the cyber-front.
🕴 Adobe Acrobat Reader Vuln Now Under Attack 🕴
📖 Read
via "Dark Reading".
CISA flags use-after-free bug now being exploited in the wild.📖 Read
via "Dark Reading".
Dark Reading
Adobe Acrobat Reader Vuln Now Under Attack
CISA flags use-after-free bug now being exploited in the wild.
🕴 Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals 🕴
📖 Read
via "Dark Reading".
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.📖 Read
via "Dark Reading".
Dark Reading
Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals
Cisco's $28 billion purchase of Splunk was the biggest story, but there were other big security acquisitions and investments during a richer-than-expected quarter.
🕴 Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear 🕴
📖 Read
via "Dark Reading".
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.📖 Read
via "Dark Reading".
Dark Reading
Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear
Organizations should brace for mass exploitation of CVE-2023-22515, an uber-critical security bug that opens the door to crippling supply chain attacks on downstream victims.
‼ CVE-2023-44961 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43960 ‼
📖 Read
via "National Vulnerability Database".
An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44962 ‼
📖 Read
via "National Vulnerability Database".
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35645 ‼
📖 Read
via "National Vulnerability Database".
In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38817 ‼
📖 Read
via "National Vulnerability Database".
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-23930 ‼
📖 Read
via "National Vulnerability Database".
vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.📖 Read
via "National Vulnerability Database".
🕴 Curl Bug Hype Fizzles After Patching Reveal 🕴
📖 Read
via "Dark Reading".
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments. 📖 Read
via "Dark Reading".
Dark Reading
Curl Bug Hype Fizzles After Patching Reveal
Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.