OceanStor 2800 V3,OceanStor 5300 V3,OceanStor 5500 V3,OceanStor 5600 V3,OceanStor 5800 V3 Security Vulnerabilities

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access SSL VPN Multiple Certificate Authentication Bypass Vulnerability

A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid.....

FreeBSD : Gitlab -- Vulnerabilities (a612c25f-788a-11ee-8d57-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a612c25f-788a-11ee-8d57-001b217b3468 advisory. Gitlab reports: Disclosure of CI/CD variables using Custom project templates GitLab omnibus...

Zavio IP Camera

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Zavio Equipment: IP Camera Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer, OS Command Injection 2. RISK EVALUATION Successful exploitation of these...

INEA ME RTU

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerabilities: OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3....

CVE-2023-46139

KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic...

CVE-2023-46139

KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic...

CVE-2023-46139

KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic...

Design/Logic Flaw

KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic...

Gitlab -- Vulnerabilities

Gitlab reports: Disclosure of CI/CD variables using Custom project templates GitLab omnibus DoS crash via OOM with CI Catalogs Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service DoS - Blocking FIFO files in Tar archives Titles exposed by service-desk template...

Security Bulletin: NVIDIA GPU Display Driver - October 2023

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

CVE-2023-46139 KernelSU signature validation mismatch

KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic...

Exploit for Infinite Loop in Openssl

OpenSSL 1.0.1g 7 Apr 2014 Copyright (c) 1998-2011 The OpenSSL...

JVN#45547161: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-29009 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

Rockwell Automation Arena

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Arena Vulnerabilities: Out-of-Bounds Read, Access of Uninitialized Pointer 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute...

Sielco Radio Link and Analog FM Transmitters

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Sielco Equipment: Analog FM Transmitters and Radio Link Vulnerabilities: Improper Access Control, Cross-Site Request Forgery, Privilege Defined with Unsafe...

Ashlar-Vellum Cobalt, Graphite, Xenon, Argon, Lithium

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Graphite, Xenon, Argon, Lithium, and Cobalt Share Vulnerabilities: Out-of-Bounds Write, Heap-based Buffer Overflow, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation...

BD Alaris System with Guardrails Suite MX (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter Vulnerabilities: Insufficient Verification of Data Authenticity, Missing...

Dingtian DT-R002

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely/public exploits are available Vendor: Dingtian Equipment: DT-R002 Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass...

Rockwell Automation FactoryTalk Services Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Services Platform Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could use a token to log into the system. 3....

Sielco PolyEco FM Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Sielco Equipment: PolyEco1000 Vulnerabilities: Session Fixation, Improper Restriction of Excessive Authentication Attempts, Improper Access Control 2. RISK...

Centralite Pearl Thermostat

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Centralite Equipment: Pearl Thermostat Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this...

Rockwell Automation FactoryTalk View Site Edition

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Site Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the product...

TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery

...

TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability

...

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API...

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

Sql injection

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

Command injection

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

TEM Opera Plus FM Family Transmitter 35.45 XSRF

Title: TEM Opera Plus FM Family Transmitter 35.45 XSRF Advisory ID: ZSL-2023-5800 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 25.10.2023 Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in...

CamelotRelayer uses wrong interface for CamelotPair

Lines of code https://github.com/Uniswap/v3-periphery/blob/697c2474757ea89fec12a4e6db16a574fe259610/contracts/libraries/OracleLibrary.sol#L74-L88 https://github.com/CamelotLabs/core/blob/b51753e816de02e591acb2c07dc9eed7a4179a68/contracts/CamelotPair.sol#L10 Vulnerability details Impact The...

Credentials leak in github.com/ydb-platform/ydb-go-sdk/v3

A custom credentials object that does not implement the fmt.Stringer interface may leak sensitive information (e.g., credentials) via...

CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not...

Rockwell Automation Stratix 5800 & 5200 Cisco IOS XE Web UI Privilege Escalation (CVE-2023-20198)

This vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system. This plugin...

Exploit for Unprotected Alternate Channel in Cisco Ios Xe

Cisco IOS XE implant scanning & network detection Network...

Exploit for Unprotected Alternate Channel in Cisco Ios Xe

CVE-2023-20198 - PoC SCRIPT /!\ Disclaimer: This...

ydb-go-sdk token in custom credentials object can leak through logs

Impact Since ydb-go-sdk/v3.48.6 if you use a custom credentials object (implementation of interface Credentials) it may leak into logs. This happens because this object could be serialized into an error message using fmt.Errorf("something went wrong (credentials: %q)", credentials) during...

ydb-go-sdk token in custom credentials object can leak through logs

Impact Since ydb-go-sdk/v3.48.6 if you use a custom credentials object (implementation of interface Credentials) it may leak into logs. This happens because this object could be serialized into an error message using fmt.Errorf("something went wrong (credentials: %q)", credentials) during...

Hitachi Energy’s RTU500 Series Product (Update B)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...

JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability

Talos Vulnerability Report TALOS-2023-1758 JustSystems Corporation Ichitaro "Figure" stream use-after-free vulnerability October 19, 2023 CVE Number CVE-2023-34366 SUMMARY A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially...

JVN#28846531: Multiple vulnerabilities in JustSystems products

Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free (CWE-416) - CVE-2023-34366 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 3.3 CVSS v2| AV:L/AC:M/Au:N/C:N/I:N/A:P| Base...

JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1809 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser out-of-bounds write vulnerability October 19, 2023 CVE Number CVE-2023-38128 SUMMARY An out-of-bounds write vulnerability exists in the “HyperLinkFrame” stream parser of Ichitaro 2023...

JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1808 JustSystems Corporation Ichitaro 2023 HyperLinkFrame parser integer overflow vulnerability October 19, 2023 CVE Number CVE-2023-38127 SUMMARY An integer overflow exists in the “HyperLinkFrame” stream parser of Ichitaro 2023 1.0.1.59372. A specially...

CVE-2023-41713

SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo...

CVE-2023-41711

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall...

CVE-2023-41712

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall...

CVE-2023-41715

SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the...