
13470 matches found

Zero Day Initiative
added 2023/03/16 12:00 a.m. | 21 views

Adobe Substance 3D Stager SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.6 | EPSS 0.00097
Exploits: 0 | References: 1
Prion
added 2023/03/15 2:15 p.m. | 16 views

Authentication flaw

The armv8_dec_aes_gcm_full API of Arm AArch64cryptolib before 86065c6 fails to verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable...

CVSS 2.6 | AI score 4.5 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2023/03/14 3:15 p.m. | 9 views

CVE-2023-27073

A Cross-Site Request Forgery (CSRF) vulnerability in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request...

CVSS 6.5 | AI score 6.5 | EPSS 0.00166
Exploits: 0 | References: 2
Akamai Blog
added 2023/03/14 1:00 p.m. | 17 views

Attack Superhighway: A Deep Dive on Malicious DNS Traffic

...

AI score 2.6
Exploits: 0
NVD
added 2023/03/14 6:15 a.m. | 18 views

CVE-2023-27271

In SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability...

CVSS 7.5 | AI score 6.6 | EPSS 0.00347
Exploits: 0 | References: 2
CVE
added 2023/03/14 5:02 a.m. | 68 views

CVE-2023-27896

CVE-2023-27896 affects SAP BusinessObjects BI Platform versions 420 and 430. The issue is a Server-Side Request Forgery (SSRF) where an attacker can control a malicious BOE server, causing the application server to connect to its own CMS. This leads to a high impact on availability. The descripti...

CVSS 7.5 | AI score 6.9 | EPSS 0.00347
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2023/03/14 12:00 a.m. | 134 views

CVE-2023-23397

Microsoft Outlook Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at March 15, 2023 8:17am UTC reported: Microsoft reported having been notified by Cert-UA of a zero-day vulnerability in Outlook. This vulnerability was observed to be used by nation-state actors targeting Ukraine...

CVSS 9.8 | AI score 9.8 | EPSS 0.93399
In the wild | Exploits: 18 | References: 19
Veracode
added 2023/03/13 6:33 a.m. | 30 views

Denial Of Service (DoS)

qemu is vulnerable to Denial Of Service (DoS). The vulnerability exists due to an integer overflow and buffer overflow in the read_erst_record and write_erst_record functions of the ACPI Error Record Serialization Table (ERST) device, allowing an attacker to cause an application crash...

CVSS 6.5 | AI score 6.9 | EPSS 0.00034
Exploits: 1 | References: 8 | Affected Software: 1
Veracode
added 2023/03/12 10:31 p.m. | 26 views

Information Disclosure

Google Chrome is vulnerable to Information Disclosure. The vulnerability exists due to the insufficient policy enforcement in CORS, which allows an attacker to leak cross-origin data via a crafted HTML page...

CVSS 4.3 | AI score 5.9 | EPSS 0.00098
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2023/03/12 3:11 p.m. | 20 views

Denial Of Service (DoS)

wireshark is vulnerable to Denial Of Service (DoS). An attacker can cause a TIPC dissector crash via packet injection or a crafted capture file...

CVSS 7.1 | AI score 6.9 | EPSS 0.00341
Exploits: 0 | References: 5 | Affected Software: 1
Veracode
added 2023/03/12 2:14 p.m. | 31 views

Phishing Attack

moodle/moodle is vulnerable to Phishing Attacks. A remote unauthenticated attacker is able to trick a user into clicking a link because, under some circumstances, mail notifications contain a link hidden by HTML, which an attacker can exploit to trick a user into clicking, leading to phishing attac...

CVSS 5.3 | AI score 6 | EPSS 0.00297
Exploits: 0 | References: 5 | Affected Software: 1
hivepro
added 2023/03/10 12:29 p.m. | 15 views

8220 Gang leverages ScrubCrypt in Cryptojacking Attacks

Threat Level: Attack Report. Follow Hive Pro for a detailed threat advisory; download the PDF file here from HiveForce Labs. Summary: The 8220 Gang leverages ScrubCrypt for crypto-jacking, which is available on HackForums for $40 per month or up to $200 for a lifetime...

AI score 1.4
Exploits: 0
UbuntuCve
added 2023/03/09 10:15 p.m. | 20 views

CVE-2023-1072

An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to...

CVSS 5.3 | AI score 6 | EPSS 0.00363
Exploits: 0 | References: 3
Veracode
added 2023/03/09 1:51 a.m. | 27 views

Denial Of Service (DoS)

rack is vulnerable to Denial Of Service (DoS). The vulnerability exists in the library's multipart MIME parser because it does not properly limit the total number of parts that can be uploaded, which allows an attacker to send maliciously crafted requests and crash the application...

CVSS 7.5 | AI score 7.4 | EPSS 0.01982
Exploits: 0 | References: 9 | Affected Software: 3
Tenable Nessus
added 2023/03/09 12:00 a.m. | 42 views

RHEL 9 : gnutls (RHSA-2023:1141)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1141 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS...

CVSS 7.4 | AI score 7.2 | EPSS 0.03615
Exploits: 1 | References: 7
Debian CVE
added 2023/03/09 12:00 a.m. | 18 views

CVE-2023-1072

Removed by vendor...

CVSS 5.3 | AI score 6 | EPSS 0.00363
Exploits: 0
OSV
added 2023/03/09 12:00 a.m. | 9 views

CVE-2023-1072

An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to...

CVSS 4.3 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 4
Cvelist
added 2023/03/08 7:40 p.m. | 12 views

CVE-2023-24533 Incorrect multiplication of unreduced P-256 scalars in filippo.io/nistec

Multiplication of certain unreduced P-256 scalars produces incorrect results. There are no protocols known at this time that can be attacked due to this...

AI score 7.7 | EPSS 0.00232
Exploits: 0 | References: 3
OpenVAS
added 2023/03/08 12:00 a.m. | 32 views

Debian: Security Advisory (DLA-506-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective rights holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 6.6 | EPSS 0.00808
Exploits: 0 | References: 3
Prion
added 2023/03/07 4:15 p.m. | 83 views

Design/Logic Flaw

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

CVSS 7.5 | AI score 9.4 | EPSS 0.67011
Exploits: 5 | References: 4 | Affected Software: 1