705 matches found
CVE-2023-48929
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information...
CVE-2023-48928
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...
CVE-2023-48929
CVE-2023-48929 affects Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492. The vulnerability is a session fixation flaw in the group_status.asp resource where the sid parameter can be manipulated to escalate privileges and access sensitive information. The available connect...
CVE-2023-48928
CVE-2023-48928 affects Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492. The vulnerability is an Open Redirect: the path parameter of the prefs.asp resource can be manipulated to redirect a victim to an arbitrary external site. CVSS details in the initial document indicat...
kernel: drm/i915/perf: add sentinel to xehp_oa_b_counters
A bounds-checking error was found in the Linux kernel Intel i915 graphics driver's performance monitoring subsystem. A local user with access to Intel GPU performance counters can trigger address validation for observability architecture counters on Xe-HP and newer hardware, causing the driver to...
Swapped parameters when calling createEscrow()
Lines of code. Vulnerability details. Impact: getEscrowAddress returns the wrong WildcatSanctionsEscrow. Borrower can steal lender's escrowed funds. Proof of concept: createEscrow and getEscrowAddress both take the parameters borrower, account, asset, in that order, as defined in...
ERC20 tokens can be incorrectly burnt because of insufficient validation
Lines of code. Vulnerability details. Impact: ERC20 tokens are incorrectly burnt. Proof of Concept: In the file WildcatSanctionsEscrow.sol there is a constructor function: constructor() { sentinel = msg.sender; (borrower, account, asset) = WildcatSanctionsSentinel(sentinel).tmpEscrowParams(); } Let's suppose thi...
CVE-2023-3775
A flaw was found in Vault Enterprise. A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests in another, non-descendant namespace, potentially resulting in a denial of service...
CVE-2023-3775
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests in another, non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...
CVE-2023-3775 Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests in another, non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...
CVE-2023-3775
The CVE concerns Vault Enterprise: a Sentinel RGP policy created by an operator to restrict access in one namespace could be applied to requests in a different, non-descendant namespace, enabling a denial-of-service condition. Impact is described as availability impact (DoS). Remediation: upgrade...
Fortify your cloud security with Wiz as it integrates with Microsoft Sentinel
Lock down your cloud infrastructure with the new Wiz integration with Microsoft Sentinel. Gain full context, support thorough investigations, and automate your response for ultimate security...
How to Use Proton Sentinel to Keep Your Accounts Safe
If you want the highest possible level of protection, this is it...
Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and a data exfiltration attack, used together to increase pressure on and damage to the victim. Microsoft Purview ha...
Security Bulletin: Vulnerability in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-25577, CVE-2023-23934)
Summary: Vulnerabilities in werkzeug may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Werkzeug allowing remote attacker to bypass security restrictions and denial of service. Vulnerability Details: CVEID: CVE-2023-23934. DESCRIPTION: Pallets Werkzeug could allow a remote...