595 matches found
CVE-2023-32469
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...
CVE-2023-32469
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...
Input validation
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...
CVE-2023-32469
Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution...
Dell Precision Tower BIOS Input Validation Error Vulnerability
Dell Precision Tower BIOS is a series of computer workstations for CAD/Architecture/CG professionals or as a small business server from Dell USA. A security vulnerability exists in the Dell Precision Tower BIOS, which arises from a component that contains incorrect input validation, and which cou...
PT-2023-23810 · Dell · Dell Precision Tower Bios
Name of the Vulnerable Software and Affected Versions: Dell Precision Tower BIOS affected versions not specified Description: The issue is related to an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerabili...
tokyotower-movie.jp Cross Site Scripting vulnerability OBB-3727455
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-4567
A blind SQL injection flaw was found in tower API. This issue may allow an attacker to craft a malicious SQL query into the SOCIALAUTHGITHUBKEY parameter in the /api/v2/settings/all/ endpoint and completely compromise the backend tower SQL database...
CLSA-2023-1691083401 Fix CVE(s): CVE-2022-3697
SECURITY UPDATE: improper handling of towercallback parameter in amazon.aws collection - debian/patches/CVE-2022-3697.patch: ec2instance - validate options on towercallback - CVE-2022-3697 Enable unit testing...
Tracking Down a Suspect through Cell Phone Records
Interesting forensics in connection with a serial killer arrest: Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island--two areas connected to a "burner phone" they had tied to the killings. In court, prosecutors later said the...
towerhamletsarts.org.uk Cross Site Scripting vulnerability OBB-3381636
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
global-tower.com Cross Site Scripting vulnerability OBB-3327980
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
FreeBSD : py-ansible -- data leak vulnerability (f418cd50-561a-49a2-a133-965d03ede72a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f418cd50-561a-49a2-a133-965d03ede72a advisory. - A flaw was found in Ansible where the secret information present in asyncfiles are getting disclosed...
SUSE CVE-2017-12148
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...
SUSE CVE-2020-1746
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldapattr and ldapentry community modules are used. The issue...
SUSE CVE-2020-10744
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9....
SUSE CVE-2021-3447
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the nolog feature. An...
SUSE CVE-2022-3697
A flaw was found in Ansible in the amazon.aws collection when using the towercallback parameter from the amazon.aws.ec2instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs...
Russian Hacker Pleads Guilty to Money Laundering Linked to Ryuk Ransomware
A Russian national on February 7, 2023, pleaded guilty in the U.S. to money laundering charges and for attempting to conceal the source of funds obtained in connection with Ryuk ransomware attacks. Denis Mihaqlovic Dubnikov, 30, was arrested in Amsterdam in November 2021 before he was extradited...
bookings.spinnakertower.co.uk Cross Site Scripting vulnerability OBB-3127334
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...