‼ CVE-2023-27854 ‼
via "National Vulnerability Database".
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
‼ CVE-2023-46289 ‼
via "National Vulnerability Database".
Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.
‼ CVE-2022-34886 ‼
via "National Vulnerability Database".
A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.
‼ CVE-2022-34887 ‼
via "National Vulnerability Database".
Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password.
‼ CVE-2022-3429 ‼
via "National Vulnerability Database".
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.
‼ CVE-2023-4967 ‼
via "National Vulnerability Database".
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
‼ CVE-2023-27858 ‼
via "National Vulnerability Database".
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
‼ CVE-2023-46290 ‼
via "National Vulnerability Database".
Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in to FactoryTalk® Services Platform. This vulnerability can only be exploited if the authorized user did not previously log in to the FactoryTalk® Services Platform web service.
🕴 Safari Side-Channel Attack Enables Browser Theft 🕴
via "Dark Reading".
The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.
‼ CVE-2023-40139 ‼
via "National Vulnerability Database".
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40136 ‼
via "National Vulnerability Database".
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40121 ‼
via "National Vulnerability Database".
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40125 ‼
via "National Vulnerability Database".
In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40123 ‼
via "National Vulnerability Database".
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40116 ‼
via "National Vulnerability Database".
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-40128 ‼
via "National Vulnerability Database".
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
‼ CVE-2023-46509 ‼
via "National Vulnerability Database".
An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.
‼ CVE-2023-46208 ‼
via "National Vulnerability Database".
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.
‼ CVE-2023-5828 ‼
via "National Vulnerability Database".
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.
‼ CVE-2022-34834 ‼
via "National Vulnerability Database".
An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.
‼ CVE-2023-40127 ‼
via "National Vulnerability Database".
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.