353 matches found

NCSC
added 2023/11/30 12:00 a.m. · 5 views

Vulnerabilities fixed in QlikTech Qlik Sense

QlikTech has fixed vulnerabilities in Qlik Sense Enterprise. An unauthenticated malicious person could exploit the vulnerabilities to execute arbitrary code on the system where Qlik Sense is installed, potentially taking over that system. Qlik Sense reports having received reports that...

CVSS 9.9 · AI score 8 · EPSS 0.9422 · Exploits 0

NCSC
added 2023/11/15 12:00 a.m. · 2 views

Vulnerabilities fixed in HPE Aruba Access Points

Vulnerabilities have been fixed in HPE Aruba Access Points. The vulnerabilities allow a local malicious party to manipulate data, cause a denial of service and execute arbitrary code without authentication. The vulnerability identified as CVE-2023-45616 has been assigned a CVSS score of 9.8. HPE...

CVSS 9.8 · AI score 6.7 · EPSS 0.00873 · Exploits 0

Positive Technologies
added 2023/10/19 12:00 a.m. · 6 views

PT-2023-6318

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs (affected versions not specified) Description: The issue is related to an authentication bypass vulnerability in VMware Aria Operations for Logs. This vulnerability can be exploited by an unauthenticated, malicious...

CVSS 9.8 · AI score 7.7 · EPSS 0.55239 · Exploits 1 · References 33

ATTACKERKB
added 2023/10/17 12:15 p.m. · 1 view

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to...

CVSS 7.8 · AI score 7.1 · EPSS 0.00076 · Exploits 0 · References 3

Positive Technologies
added 2023/10/17 12:00 a.m. · 3 views

PT-2023-27143 · Nxp · Nxp I.Mx 8M Nano +3

Name of the Vulnerable Software and Affected Versions: U-Boot Secondary Program Loader (SPL) versions prior to 2023.07 Description: A software issue has been identified in the U-Boot Secondary Program Loader (SPL) on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened...

CVSS 7.8 · AI score 7.6 · EPSS 0.00076 · Exploits 0 · References 6

OSV
added 2023/10/03 8:15 a.m. · 1 view

CVE-2023-3656

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network...

CVSS 9.8 · AI score 6.3 · EPSS 0.01306 · Exploits 0 · References 2

Positive Technologies
added 2023/10/03 12:00 a.m. · 3 views

PT-2023-25623 · Pos/ Dienstleistung · Cashit!

Name of the Vulnerable Software and Affected Versions: cashIT! - serving solutions versions from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 Description: The issue is an unauthenticated remote code execution vulnerability that can be triggered by an HTTP endpoint...

CVSS 9.8 · AI score 9.7 · EPSS 0.01306 · Exploits 0 · References 9

ATTACKERKB
added 2023/09/22 5:15 a.m. · 5 views

CVE-2023-43762

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server backend. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15...

CVSS 9.8 · AI score 5.9 · EPSS 0.02277 · Exploits 0 · References 4

NCSC
added 2023/09/22 12:00 a.m. · 2 views

Vulnerability fixed in Rockwell Automation FactoryTalk

Rockwell has fixed a vulnerability in FactoryTalk View Machine Edition. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code on the vulnerable system. For successful exploitation, the malicious party must have access to the production network...

CVSS 9.8 · AI score 7.8 · EPSS 0.00741 · Exploits 0

CNNVD
added 2023/09/12 12:00 a.m. · 2 views

Rockwell Automation PanelView Plus Code Issue Vulnerability

Rockwell Automation PanelView Plus is a family of Human Machine Interface (HMI) products from Rockwell Automation. These HMI devices are designed to integrate with industrial automation systems to provide operators with an intuitive interface for controlling and monitoring production...

CVSS 9.8 · AI score 7.3 · EPSS 0.00741 · Exploits 0 · References 2

CNNVD
added 2023/09/02 12:00 a.m. · 1 view

Vim Buffer Error Vulnerability

Vim is a cross-platform text editor. A buffer overflow vulnerability exists in Vim versions prior to 9.0.1847, which stems from an out-of-bounds write problem. An unauthenticated attacker can exploit this vulnerability to execute arbitrary code...

CVSS 7.8 · AI score 8 · EPSS 0.00027 · Exploits 1 · References 7

OSV
added 2023/08/29 8:15 p.m. · 1 view

CVE-2023-39268

A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system...

CVSS 9.8 · AI score 6.6 · Exploits 0 · References 1

CNNVD
added 2023/08/18 12:00 a.m. · 2 views

Security Vulnerability in Multiple ELECOM Products

ELECOM WRC-X1800GS-B and others are products of ELECOM Japan. ELECOM WRC-X1800GS-B is a wireless router. ELECOM WRC-X1800GSA-B is a wireless router. ELECOM WRC-X1800GSH-B is a Gigabit router. A security vulnerability exists in various ELECOM products, which stems from a vulnerability that allows an...

CVSS 9.8 · AI score 8.4 · EPSS 0.00735 · Exploits 0 · References 4

NCSC
added 2023/08/08 12:00 a.m. · 6 views

Vulnerability fixed in Mirth Connect

A vulnerability has been fixed in Mirth Connect. An unauthenticated malicious person could exploit the vulnerability to execute arbitrary code with application privileges. Because Mirth Connect is, without additional configuration, installed with elevated privileges by default, it cannot be...

CVSS 9.8 · AI score 7.6 · EPSS 0.93443 · Exploits 12

ATTACKERKB
added 2023/07/07 8:15 p.m. · 1 view

CVE-2023-37170

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function...

CVSS 9.8 · AI score 8 · EPSS 0.02274 · Exploits 1 · References 2

OSV
added 2023/06/23 8:15 p.m. · 1 view

CVE-2023-35759

In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

CVSS 6.1 · AI score 6.1 · Exploits 0 · References 2

Packet Storm
added 2023/06/08 12:00 a.m. · 385 views

Delta Electronics InfraSuite Device Master Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics InfraSuite Device Master Deserialization', 'Description' = %q Delta Electronics InfraSuite Device Master versions below v1.0.5...

CVSS 9.8 · AI score 7.1 · EPSS 0.86107 · Exploits 3

NCSC
added 2023/05/24 12:00 a.m. · 1 view

Vulnerability fixed in MikroTik RouterOS

MikroTik has fixed a vulnerability in RouterOS. An unauthenticated malicious person could potentially abuse it to execute arbitrary code. To do so, malicious network traffic should be sent to the vulnerable device. MikroTik indicates that systems are only vulnerable when they use a...

CVSS 7.5 · AI score 7.3 · EPSS 0.02352 · Exploits 0

Rapid7 Blog
added 2023/05/12 5:41 p.m. · 58 views

Metasploit Wrap-up

Chaining for the win 1: Pentaho Business Server This week, our very own jheysel-r7 added an exploit module that leverages two vulnerabilities in Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x. The module chains an authentication bypass...

CVSS 7.5 · AI score 10.1 · EPSS 0.93976 · Exploits 12

Metasploit
added 2023/05/11 7:50 p.m. · 646 views

Pentaho Business Server Auth Bypass and Server Side Template Injection RCE

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is vulnerable to an authentication bypass (CVE-2022-43939) and a Server Side Template Injection (SSTI) vulnerability (CVE-2022-43769) that can be chained together to achieve unauthenticated code...

CVSS 9.8 · AI score 9.1 · EPSS 0.93976 · Exploits 7