Lucene search
K

2886 matches found

The Hacker News
The Hacker News
added 2023/07/26 1:13 p.m.37 views

Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims...

7.7AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2023/07/26 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-24489

Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...

9.8CVSS7.4AI score0.95076EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.3 views

The vulnerability of the microprogramming software for WAGO 750-3x and WAGO 750-8x programmable logic controllers allows a intruder to cause malfunctions during maintenance operations.

The vulnerability of the microprogrammed software in WAGO 750-3x and WAGO 750-8x programmable logic controllers is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system...

7.8CVSS7.2AI score0.00933EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.4 views

The vulnerability of FTP servers of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD allows attackers to compromise the target system.

The vulnerability of FTP servers of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD lies in the ability to download files of a dangerous type without limitation. Exploiting this vulnerability can allow an attacker to compromise the...

7.5CVSS7.1AI score0.00607EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.5 views

The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway virtual environment access control systems (formerly known as Citrix NetScaler Gateway) stems from improper validation of the return value of a function. This allows attackers to disclose sensitive information that should be protected.

The vulnerability of Citrix ADC application delivery controllers formerly known as Citrix NetScaler Application Delivery Controller, as well as the Citrix Gateway access control system formerly known as Citrix NetScaler Gateway, is related to improper validation of the return value of a function...

7.8CVSS7.3AI score0.01073EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/07/25 6:24 p.m.2 views

GHSA-WVP2-9PPW-337J Paths contain matrix variables bypass decorators

Impact Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. In this situation, the Armeria decorators might not invoked because of the matrix variables. Let's see the...

7.5CVSS7AI score0.00588EPSS
Exploits0References6
OSV
OSV
added 2023/07/25 8:15 a.m.4 views

CVE-2023-21405

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

6.5CVSS5.8AI score0.00264EPSS
Exploits0References1
NVD
NVD
added 2023/07/25 8:15 a.m.15 views

CVE-2023-21405

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

6.5CVSS6.5AI score0.00264EPSS
Exploits0References1
Prion
Prion
added 2023/07/25 8:15 a.m.17 views

Design/Logic Flaw

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

3.3CVSS6.5AI score0.00264EPSS
Exploits0References1Affected Software5
CVE
CVE
added 2023/07/25 7:34 a.m.71 views

CVE-2023-21405

CVE-2023-21405 affects Axis Network Door Controllers and Axis Network Intercoms via OSDP; the vulnerability is a crash in the OSDP message parser that crashes the pacsiod process, causing temporary unavailability of door-controlling functionality (doors cannot be opened or closed). The issue is d...

6.5CVSS6.5AI score0.00264EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.4 views

PT-2023-7483 · Axis · Axis Network Intercoms +1

Name of the Vulnerable Software and Affected Versions: Axis Network Door Controllers and Axis Network Intercoms affected versions not specified Description: The issue is related to a flaw in the implementation of the Open Supervised Device Protocol OSDP in Axis Network Door Controllers and Axis...

6.5CVSS6.7AI score0.00264EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.4 views

Axis Network Door Controllers 安全漏洞

AXIS Network Door Controllers is a network door controller from AXIS Sweden. A security vulnerability exists in Axis Network Door Controllers, Axis Network Intercoms, which stems from a crash of the OSDP message parser pacsiod process when communicating via OSDP intercom, resulting in a temporary...

6.5CVSS6.5AI score0.00264EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/07/23 2:9 a.m.2 views

SUSE CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

6.8CVSS6.7AI score0.0039EPSS
Exploits0References7
OSV
OSV
added 2023/07/20 3:15 p.m.22 views

CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.8AI score0.0039EPSS
Exploits0References9
OSV
OSV
added 2023/07/20 3:15 p.m.7 views

AZL-48166 CVE-2023-3347 affecting package samba 4.18.3-2

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.6AI score0.0039EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/07/20 2:54 p.m.24 views

CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS5.9AI score0.0039EPSS
Exploits0
Cvelist
Cvelist
added 2023/07/20 2:54 p.m.19 views

CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.5AI score0.0039EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/07/20 2:54 p.m.21 views

CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.9AI score0.0039EPSS
Exploits0References5
CISA
CISA
added 2023/07/20 12:0 p.m.10 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...

7AI score
Exploits0References1
Samba
Samba
added 2023/07/19 12:0 a.m.40 views

SMB2 packet signing not enforced

Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a clien...

5.9CVSS6.4AI score0.0039EPSS
Exploits0
Rows per page
Query Builder