Lucene search

7764 matches found

Cvelist
added 2023/08/11 2:37 a.m. · 30 views

CVE-2023-28405

Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

6.7 CVSS · 8 AI score · 0.0015 EPSS
Exploits: 0 · References: 1
CNNVD
added 2023/08/11 12:0 a.m. · 4 views

eProsima Fast DDS Security Vulnerability

eProsima Fast DDS is the C++ implementation of eProsima's OMG (Object Management Group) DDS (Data Distribution Service) standard. A security vulnerability exists in eProsima Fast DDS versions prior to v2.10.0, which stems from BadParamException: Fast CDR throws an exception that is not caught by Fast...

7.5 CVSS · 6.7 AI score · 0.00893 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2023/08/11 12:0 a.m. · 2 views

PT-2023-4899 · Eprosima +2 · Eprosima Fast Dds +2

Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.11.0; eprosima Fast DDS versions prior to 2.10.2; eprosima Fast DDS versions prior to 2.9.2; eprosima Fast DDS versions prior to 2.6.5. Description: The issue is related to an error in exception handling in t...

9.1 CVSS · 7.3 AI score · 0.04912 EPSS
Exploits: 0 · References: 39
Positive Technologies
added 2023/08/11 12:0 a.m. · 4 views

PT-2023-4901 · Eprosima +2 · Eprosima Fast Dds +2

Name of the Vulnerable Software and Affected Versions: eprosima Fast DDS versions prior to 2.10.0; eprosima Fast DDS versions prior to 2.9.2; eprosima Fast DDS versions prior to 2.6.5. Description: The issue is related to the use of the assert function or a similar operator in the eprosima Fast DDS...

9.1 CVSS · 7.3 AI score · 0.04912 EPSS
Exploits: 0 · References: 39
ATTACKERKB
added 2023/08/08 6:15 p.m. · 2 views

CVE-2023-35387

Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability...

8.8 CVSS · 6.9 AI score · 0.0119 EPSS
Exploits: 0 · References: 2 · Affected Software: 15
Code423n4
added 2023/08/07 12:0 a.m. · 9 views

function rngComplete is unprotected

Lines of code. Vulnerability details. Impact: The rngComplete is a function called by the relayer to complete the Rng relay auction. However, it has zero access control. Proof of Concept: The function makes calls to the prizepool to close a draw, it also withdraws from a reserve. All these are done wi...

6.7 AI score
Exploits: 0
Code423n4
added 2023/08/07 12:0 a.m. · 12 views

An attacker could manipulate the _rngAuctionResult to unfairly distribute more rewards to themselves

Lines of code. Vulnerability details. Impact: When the rewards are calculated using computeRewards, the attacker's inflated rewardFraction will be used, giving them a bigger share. Proof of Concept: The rngAuctionResult passed to rngComplete is stored directly into the auctionResults array without any...

6.6 AI score
Exploits: 0
OSV
added 2023/08/03 3:15 a.m. · 2 views

CVE-2023-34196

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may...

8.2 CVSS · 5.8 AI score · 0.00352 EPSS
Exploits: 0 · References: 2
NVD
added 2023/08/03 3:15 a.m. · 19 views

CVE-2023-34196

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may...

8.2 CVSS · 8.1 AI score · 0.00352 EPSS
Exploits: 0 · References: 2
Cvelist
added 2023/08/03 12:0 a.m. · 34 views

CVE-2023-34196

In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may...

8.2 AI score · 0.00352 EPSS
Exploits: 0 · References: 2
The Hacker News
added 2023/07/31 8:38 a.m. · 44 views

Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT

Threat actors are creating fake websites hosting trojanized software installers to trick unsuspecting users into downloading a downloader malware called Fruity with the goal of installing remote trojan tools like Remcos RAT. "Among the software in question are various instruments for fine-tuning...

6.5 AI score
Exploits: 0
Securelist
added 2023/07/28 10:0 a.m. · 32 views

Anomaly detection in certificate-based TGT requests

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company's network. An example of such an...

7.4 AI score
Exploits: 0
CNNVD
added 2023/07/28 12:0 a.m. · 3 views

Wix Embedded MySql Code Injection Vulnerability

Wix Embedded MySql is a Wix Incubator open source based embedded mysql. A security vulnerability exists in Wix Embedded MySql v4.6.1 and earlier versions, which stems from a code injection vulnerability in the component com.wix.mysql.distribution.setup.apply...

9.8 CVSS · 8.4 AI score · 0.0087 EPSS
Exploits: 1 · References: 2
BDU FSTEC
added 2023/07/28 12:0 a.m. · 2 views

The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow an intruder to execute arbitrary code.

The vulnerability of microprogrammed software in Honeywell Experion PKS programmable logic controllers, Experion LX measurement and control controllers, and Experion PlantCruise distribution systems is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker...

10 CVSS · 7.9 AI score · 0.006 EPSS
Exploits: 0 · References: 4
BDU FSTEC
added 2023/07/28 12:0 a.m. · 2 views

The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow an intruder to execute arbitrary code.

The vulnerability of microprogrammed software in Honeywell Experion PKS programmable logic controllers, as well as in measurement and control controllers Experion LX, and the distribution control system Experion PlantCruise, is related to buffer overflow in dynamic memory. Exploiting this...

10 CVSS · 7.9 AI score · 0.00554 EPSS
Exploits: 0 · References: 4
BDU FSTEC
added 2023/07/27 12:0 a.m. · 2 views

The vulnerabilities of the microprogramming software for Honeywell Experion PKS programmable logic controllers, the measurement and computing controllers Experion LX, and the distribution control system Experion PlantCruise allow an intruder to execute arbitrary code.

The vulnerability of microprogrammed software in Honeywell Experion PKS programmable logic controllers, Experion LX measurement and control controllers, and Experion PlantCruise distribution systems is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker...

10 CVSS · 7.9 AI score · 0.00545 EPSS
Exploits: 0 · References: 4
GithubExploit
added 2023/07/22 9:49 p.m. · 234 views

Exploit for Open Redirect in Revive-Adserver Revive_Adserver

CVE-2021-22873 - Revive Adserver Open Redirect Vulnerability...

6.1 CVSS · 6.3 AI score · 0.66141 EPSS
Exploits: 3
NVD
added 2023/07/21 9:15 p.m. · 14 views

CVE-2023-37915

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed PID_PROPERTY_LIST in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage...

7.5 CVSS · 7.5 AI score · 0.00755 EPSS
Exploits: 1 · References: 2
Vulnrichment
added 2023/07/21 8:2 p.m. · 13 views

CVE-2023-37915 Malformed PID_PROPERTY_LIST parameter in DATA submessage remotely crashes OpenDDS

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed PID_PROPERTY_LIST in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage...

7.5 CVSS · 7.5 AI score · 0.00755 EPSS
Exploits: 1 · References: 2
The Hacker News
added 2023/07/21 3:5 p.m. · 27 views

HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. "HotRat malware equips attackers with a wide array of capabilities, such as stealing login...

6.7 AI score
Exploits: 0