PT-2023-4202 · Apple +8 · Macos Ventura +14

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.8 iPadOS versions prior to 15.7.8 iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5 Safari versions prior to 16.6 watchOS versions prior to 9.6...

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

Design/Logic Flaw

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVE-2023-30561

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...

CVE-2023-30561

CVE-2023-30561 describes insecure data flow between the BD Alaris PCU and its modules. In BD Alaris PCU Model 8015, v12.1.3 and earlier, the infusion data can be exposed or tampered if a threat actor gains physical access and connects a crafted device during an infusion. BD’s ICS bulletin indicat...

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

CVE-2023-33668

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...

CVE-2023-33668

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...

CVE-2023-3596 Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service

Where this vulnerability exists in the Rockwell Automation 1756-EN4 Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages...

CVE-2023-3595 Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution

Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modif...

CISA Releases One Industrial Control Systems Advisory

CISA released one Critical Industrial Control Systems ICS advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-193-01 Rockwell Automation Select Communication Modules CISA encourages users and...

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came ...

DigiExam 安全漏洞

DigiExam is an exam platform from the Swedish company DigiExam. A security vulnerability exists in DigiExam version v14.0.2, which stems from a lack of integrity checking of native modules, allowing an attacker to access PII and take over accounts on a shared computer...

CVE-2023-33668

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...

CVE-2023-33668

CVE-2023-33668 affects DigiExam up to v14.0.2, where there is a lack of integrity checks for native modules. The issue enables attackers on shared computers to access PII and potentially take over user accounts, per multiple sources including Red Hat and NVD entries. The root cause is insufficien...

CVE-2023-33668

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers...

The vulnerabilities of the Ethernet modules FX3U-ENET-ADP and Ethernet FX3U-ENET(-L) of the microprogrammable logic controllers MELSEC iQ-F series, such as FX3U, FX3UC, FX3G, FX3GC-32MT, FX3GE, FX3GA, FX3S, and FX3SA, allow attackers to circumvent security restrictions and reset system settings.

The vulnerability of the Ethernet modules FX3U-ENET-ADP and Ethernet FX3U-ENET-L of the microprogrammable logic controllers MELSEC iQ-F series, such as FX3U, FX3UC, FX3G, FX3GC-32MT, FX3GE, FX3GA, FX3S, and FX3SA, stems from the ability to bypass authentication by using capture-replay techniques...

Fedora: Security Advisory for perl-CPAN (FEDORA-2023-46924e402a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...