705 matches found
KLA65131 Multiple vulnerabilities in Microsoft Azure
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Data Studio can be exploited...
BIT-VAULT-2023-3775 Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...
Exploit for Improper Privilege Management in Thalesgroup Sentinel_Hasp_Ldk
CVE-2024-0197-POC Proof of concept for Local Privilege Escalat...
CVE-2024-0197
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...
CVE-2024-0197
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...
Design/Logic Flaw
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...
CVE-2024-0197 Privilege Escalation in Thales SafeNet Sentinel HASP LDK
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...
CVE-2024-0197 Privilege Escalation in Thales SafeNet Sentinel HASP LDK
A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access...
CVE-2024-0197
CVE-2024-0197 affects the Windows installer of Thales SafeNet Sentinel HASP LDK, prior to version 9.16. The root cause is an installer flaw that enables local privilege escalation when an attacker already has local access. The impact is privilege elevation to SYSTEM with high confidentiality/inte...
Thales SafeNet Security Vulnerability
Thales SafeNet is an enterprise authentication, data encryption, and key management solution from Thales USA. A security vulnerability exists in Thales SafeNet Sentinel HASP LDK prior to version 9.16, which stems from a flaw in the installer that allows an attacker to upgrade privileges via local...
PT-2024-15380 · Thales · Thales Safenet Sentinel Hasp Ldk
Name of the Vulnerable Software and Affected Versions: Thales SafeNet Sentinel HASP LDK versions prior to 9.16 Description: A flaw in the installer for Thales SafeNet Sentinel HASP LDK on Windows allows an attacker to escalate their privilege level via local access. Recommendations: For versions...
Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
A dormant package available on the Python Package Index PyPI repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain securit...
Using Google Search to Find Software Can Be Risky
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of...
FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...
Unified security operations with Microsoft Sentinel and Microsoft Defender XDR
Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each o...
Security Bulletin: Vulnerabilities in cryptography affect IBM Spectrum Sentinel Anomaly Scan Engine (239927)
Summary Vulnerabilities in python cryptography affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography allowing remote attacker to overflow a buffer and execute arbitrary code on the system. This bulletin identifies the steps to take to address the...
Security Bulletin: Vulnerability in cryptography may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-23931, CVE-2023-38325)
Summary Vulnerabilities in python cryptography may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography allowing remote attacker bypass authentication and obtain access to launch further attacks on the system. Vulnerability Details CVEID:CVE-2023-23931...
Security Bulletin: Vulnerability in urllib3 might affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-43804, CVE-2023-45803)
Summary Vulnerabilities in urllib3 might affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include allowing remote attacker to obtain sensitive information to launch further attacks against the affected system. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could...
CVE-2023-48929
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the groupstatus.asp resource allows an attacker to escalate privileges and obtain sensitive information...
CVE-2023-48928
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...