
6680 matches found

Positive Technologies
added 2023/10/10 12:0 a.m. · 10 views

PT-2023-6133 · Microsoft +1 · Quic +4

Name of the Vulnerable Software and Affected Versions: Microsoft QUIC (affected versions not specified); Windows (affected versions not specified); .NET (affected versions not specified); Visual Studio (affected versions not specified). Description: The vulnerability is related to insufficient input validati...

9.8 CVSS · 6.5 AI score · 0.99999 EPSS
Exploits 19 · References 141
OSV
added 2023/10/09 1:15 p.m. · 3 views

CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests...

5.3 CVSS · 5.8 AI score · 0.00574 EPSS
Exploits 0 · References 3
NVD
added 2023/10/09 1:15 p.m. · 27 views

CVE-2023-5102

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests...

5.3 CVSS · 5.3 AI score · 0.00574 EPSS
Exploits 0 · References 3
Prion
added 2023/10/09 1:15 p.m. · 18 views

Design/Logic Flaw

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests...

5 CVSS · 5.3 AI score · 0.00574 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2023/10/09 12:9 p.m. · 56 views

CVE-2023-5102

CVE-2023-5102 affects SICK APU’s RDT400 component. The root cause is insufficient control flow management, which could let an unprivileged remote attacker enable hidden functionality via HTTP requests. Impact is described as potential hidden functionality exposure. No public exploit details or re...

5.3 CVSS · 5.3 AI score · 0.00574 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/10/09 12:0 a.m. · 4 views

SICK APU RDT400 Security Vulnerability

SICK APU is a railroad analysis system from SICK, Germany. A security vulnerability exists in the SICK APU RDT400 that stems from insufficient control flow management of the device, which allows an attacker to enable hidden functionality via an HTTP request...

5.3 CVSS · 6.8 AI score · 0.00574 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2023/10/09 12:0 a.m. · 3 views

The vulnerability of PDF-XChange Editor’s document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing attackers to execute arbitrary code.

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality lies in the issue of operations going beyond the buffer in memory when processing JPG files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS · 7.7 AI score · 0.0034 EPSS
Exploits 0 · References 4 · Affected Software 1
Huntr
added 2023/10/06 7:24 a.m. · 29 views

Cross-Site Request Forgery Vulnerability in Logout Functionality

Description: Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link. The csrftoken for the logout interface is invalid, it is recommended to change it to...

6.8 CVSS · 6.9 AI score · 0.00428 EPSS
Exploits 1 · References 1
RedHat Linux
added 2023/10/05 2:3 p.m. · 78 views

Important: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8 CVSS · 7.2 AI score · 0.78607 EPSS
Exploits 26 · References 5
Tenable Nessus
added 2023/10/05 12:0 a.m. · 32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3969-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3969-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. Th...

7.8 CVSS · 7.7 AI score · 0.12405 EPSS
Exploits 3 · References 96
Tenable Nessus
added 2023/10/05 12:0 a.m. · 85 views

Ubuntu 18.04 ESM / 20.04 LTS : Linux kernel vulnerabilities (USN-6417-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6417-1 advisory. It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker...

6.5 CVSS · 7.3 AI score · 0.07031 EPSS
Exploits 3 · References 7
NVD
added 2023/10/03 4:15 p.m. · 12 views

CVE-2023-4817

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device...

8.8 CVSS · 7.3 AI score · 0.00622 EPSS
Exploits 0 · References 1
OSV
added 2023/10/03 8:15 a.m. · 2 views

CVE-2023-44217

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 2
NVD
added 2023/10/03 8:15 a.m. · 7 views

CVE-2023-44217

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality...

7.8 CVSS · 7.9 AI score · 0.00178 EPSS
Exploits 0 · References 2
Cvelist
added 2023/10/03 7:54 a.m. · 18 views

CVE-2023-44217

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality...

8.1 AI score · 0.00178 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-24024 · Nxlog · Nxlog Manager

Name of the Vulnerable Software and Affected Versions: NXLog Manager version 5.6.5633. Description: A Cross-Site Scripting (XSS) issue allows an attacker to inject malicious JavaScript into the Full Name field during user edit, due to improper sanitization of the input parameter. This enables the...

6.1 CVSS · 6 AI score · 0.00331 EPSS
Exploits 0 · References 5
0day.today
added 2023/10/02 12:0 a.m. · 288 views

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vulnerability

Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allows more critical operations to the transmitter. Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product...

7.7 AI score
Exploits 0
Packet Storm
added 2023/10/02 12:0 a.m. · 249 views

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W, 500W,...

7.1 AI score
Exploits 0
Positive Technologies
added 2023/10/01 12:0 a.m. · 3 views

PT-2023-32045 · Sato · Sato Cl4Nx-J Plus

Name of the Vulnerable Software and Affected Versions: SATO CL4NX-J Plus version 1.13.2-u455 r2. Description: A critical issue affects an unknown functionality of the WebConfig component, leading to improper authentication. The attack must be carried out within the local network. The exploit has...

8.8 CVSS · 6.8 AI score · 0.00476 EPSS
Exploits 0 · References 6
NVD
added 2023/09/29 10:15 p.m. · 20 views

CVE-2023-5294

A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goodsid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed ...

8.8 CVSS · 6.2 AI score · 0.00546 EPSS
Exploits 1 · References 3