96 matches found
CVE-2023-32547
Incorrect default permissions in the MAVinci Desktop Software for IntelR Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-52997
Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-7298 Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software
A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...
CVE-2023-7298 Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software
A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...
Citrix Virtual Desktop - Printers cannot be created if one of printer server is offline
There are 2 printer servers, each with 6 printers. Apply the printers with Citrix policy "Printer Assignment". If one printer server is offline, other online printers cannot be created in the ICA session desktop...
CVE-2024-7671 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...
CVE-2024-7670 DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2024-6240
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASHENV environment variable with the path to the malicious script, executing on application startup. An attacke...
CVE-2024-6240
CVE-2024-6240 concerns an improper privilege management vulnerability in Parallels Desktop Software prior to version 19.3.0. An attacker could place malicious code in a script and populate the BASH_ENV variable with the path to that script, causing it to execute on application startup and potenti...
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver a malware called SSLoad. The campaign, codenamed FROZENSHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software...
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 CVSS score: 9.3, a critical SQL...
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
The Iran-affiliated threat actor tracked as MuddyWater aka Mango Sandstorm or TA450 has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management RMM solution called Atera. The activity, which took place from March 7 through the week o...
OpenText Exceed Turbo X Cross-Site Scripting Vulnerability
OpenText Exceed Turbo X is a virtual desktop software from OpenText Canada. A cross-site scripting vulnerability exists in OpenText Exceed Turbo X version 12.5.1, which can be exploited by an attacker to inject malicious code...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management RMM software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
CVE-2023-32547
Incorrect default permissions in the MAVinci Desktop Software for IntelR Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-32547
Incorrect default permissions in the MAVinci Desktop Software for IntelR Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access...
Design/Logic Flaw
Incorrect default permissions in the MAVinci Desktop Software for IntelR Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-32547
Incorrect default permissions in the MAVinci Desktop Software for IntelR Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-32547
The CVE-2023-32547 issue affects MAVinci Desktop Software for Intel® Falcon 8+ prior to version 6.2. The root cause is incorrect default permissions in the MAVinci Desktop software, which could allow an authenticated local user to escalate privileges. CVSS vectors indicate a local attack with low...
CVE-2023-32547
Incorrect default permissions in the MAVinci Desktop Software for IntelR Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access...