2474 matches found
Aruba Networks AirWave Management Platform Security Vulnerability
Aruba Networks AirWave Management Platform, from Aruba Networks, provides granular visibility into wired and wireless networks and is the leading multi-vendor management platform designed for local campus environments. A security vulnerability exists in the Aruba Networks AirWave Management...
Patch Tuesday, October 2023 Edition
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS...
CVE-2023-35897
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...
Code injection
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...
CVE-2023-35897
IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments (Data Protection for VMware/Hyper-V) versions 8.1.0.0–8.1.19.0 are affected by a DLL hijacking flaw that could allow a local user to execute arbitrary code via a specially crafted file. The issue impacts Wi...
IBM Spectrum Protect Code Issue Vulnerability
IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from International Business Machines IBM. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud...
The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms within isolated environments. This allows attackers to enhance their privileges and execute arbitrary codes.
The vulnerability of the Avast Premium Security antivirus protection lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...
Security Bulletin: IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments are vulnerable to arbitrary code execution due to a DLL hijacking flaw (CVE-2023-35897)
Summary IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by a DLL hijacking flaw CVE-2023-35897. The flaw can lead to arbitrary code execution, as described in the "Vulnerability...
Qualcomm Chip Security Breach
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. The Qualcomm chip has a security vulnerability that stems from a weak...
GHSA-R5HM-MP3J-285G sing-box vulnerable to improper authentication in the SOCKS inbound
Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. Workarounds Don't expose the SOCKS5 inbound to insecure environments...
Authentication flaw
Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...
CVE-2023-43644 Improper authentication in the SOCKS5 inbound in sing-box
Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...
CVE-2023-43644 Improper authentication in the SOCKS5 inbound in sing-box
Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to...
Surf - Escalate Your SSRF Vulnerabilities On Modern Cloud Environments
surf allows you to filter a list of hosts, returning a list of viable SSRF candidates. It does this by sending a HTTP request from your machine to each host, collecting all the hosts that did not respond, and then filtering them into a list of externally facing and internally facing hosts. You ca...
Windows Gather Virtual Environment Detection
This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, QEMU, and Parallels. This module requires Metasploit: https://metasploit.com/download Current source:...
Siemens RUGGEDCOM APE1808 Product Family Inside BIOS Vulnerability
The RUGGEDCOM APE1808 is a utility-grade application hosting platform that allows you to deploy a range of commercial edge computing and cybersecurity applications in harsh industrial environments. An Inside BIOS vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, which is cause...
Remote code execution
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in...
Information Disclosure
Salt masters is vulnerable to Information Disclosure. This vulnerability is due to the cache directory having same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment...
Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication
Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automations Software Platform. OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and...
USN-6342-1: Linux kernel vulnerabilities
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...