8231 matches found
CVE-2023-26243
An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to...
Design/Logic Flaw
An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system AEEPEEUR.S5WL001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to...
PT-2023-20558
Name of the Vulnerable Software and Affected Versions: Hyundai Gen5WL in-vehicle infotainment system version AEEPEEUR.S5WL001.001.211214 Description: An issue was discovered in the Hyundai Gen5WL in-vehicle infotainment system. The decryption binary used to decrypt firmware files has an...
PT-2023-35798 · Git +1 · Wabt
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A crash has been reported with an unknown write issue. The crash involves the std::__1::allocator_traits and std::__1::vector functions, specifically with...
CVE-2023-2282
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector...
Improper access control
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector...
PT-2023-8264 · Nvidia · Nvidia Dgx A100 Sbios
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX A100 SBIOS (affected versions not specified). Description: The issue is related to an integer overflow that allows a local attacker to bypass input validation checks. A successful exploit may lead to denial of service, information...
novel-plus SQL injection vulnerability (CNVD-2023-32195)
novel-plus novel boutique-plus is a multi-end PC, WAP reading, functional original literature CMS system. novel-plus version 3.6.2 suffers from a SQL injection vulnerability, which originates from a problem with the file /author/list?limit=10&offset=0&order=desc, where the operation of the...
Use-After-Free
Firefox is vulnerable to Use-After-Free. This vulnerability allows an attacker to cause a memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector...
XWiki Commons Cross-Site Scripting Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects of the French XWiki Foundation. A cross-site scripting vulnerability exists in XWiki Commons. An attacker can exploit this vulnerability to inject arbitrary HTML code...
The vulnerability of the ImageMagick graphics editor arises from improper management of internal resources within the application when processing SVG files. This allows a malicious actor to trigger a service failure.
The vulnerability of the ImageMagick graphics editor is related to improper management of internal resources within the application when processing SVG files. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created SVG file...
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution Vulnerability
Exploit Title: ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE). Application: ProjeQtOr Project Management System. Version: 10.3.2. Bugs: Remote Code Execution (RCE), authenticated, via file upload. Technology: PHP. Vendor URL: https://www.projeqtor.org Software Link:...
Phishing: The Oldest and Wisest Attack Vector
...
CVE-2023-22001
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
B. Braun Battery Pack SP with Wi-Fi
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: B. Braun Melsungen AG Equipment: Battery Pack SP with Wi-Fi Vulnerability: Improper neutralization of directives in dynamically evaluated code 'Eval Injection' 2. RISK EVALUATION Successful exploitation...