2886 matches found
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks
A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims...
VulnCheck KEV: CVE-2023-24489
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...
The vulnerability of the microprogramming software for WAGO 750-3x and WAGO 750-8x programmable logic controllers allows a intruder to cause malfunctions during maintenance operations.
The vulnerability of the microprogrammed software in WAGO 750-3x and WAGO 750-8x programmable logic controllers is related to uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system...
The vulnerability of FTP servers of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD allows attackers to compromise the target system.
The vulnerability of FTP servers of microprogrammed logic controllers such as MELSEC RJ71EIP91, SW1DNN-EIPCT-BD, FX5-ENET/IP, and SW1DNN-EIPCTFX5-BD lies in the ability to download files of a dangerous type without limitation. Exploiting this vulnerability can allow an attacker to compromise the...
The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway virtual environment access control systems (formerly known as Citrix NetScaler Gateway) stems from improper validation of the return value of a function. This allows attackers to disclose sensitive information that should be protected.
The vulnerability of Citrix ADC application delivery controllers formerly known as Citrix NetScaler Application Delivery Controller, as well as the Citrix Gateway access control system formerly known as Citrix NetScaler Gateway, is related to improper validation of the return value of a function...
GHSA-WVP2-9PPW-337J Paths contain matrix variables bypass decorators
Impact Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. In this situation, the Armeria decorators might not invoked because of the matrix variables. Let's see the...
CVE-2023-21405
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...
CVE-2023-21405
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...
Design/Logic Flaw
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...
CVE-2023-21405
CVE-2023-21405 affects Axis Network Door Controllers and Axis Network Intercoms via OSDP; the vulnerability is a crash in the OSDP message parser that crashes the pacsiod process, causing temporary unavailability of door-controlling functionality (doors cannot be opened or closed). The issue is d...
PT-2023-7483 · Axis · Axis Network Intercoms +1
Name of the Vulnerable Software and Affected Versions: Axis Network Door Controllers and Axis Network Intercoms affected versions not specified Description: The issue is related to a flaw in the implementation of the Open Supervised Device Protocol OSDP in Axis Network Door Controllers and Axis...
Axis Network Door Controllers 安全漏洞
AXIS Network Door Controllers is a network door controller from AXIS Sweden. A security vulnerability exists in Axis Network Door Controllers, Axis Network Intercoms, which stems from a crash of the OSDP message parser pacsiod process when communicating via OSDP intercom, resulting in a temporary...
SUSE CVE-2023-3347
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
CVE-2023-3347
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
AZL-48166 CVE-2023-3347 affecting package samba 4.18.3-2
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
CVE-2023-3347
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
CVE-2023-3347 Samba: smb2 packet signing is not enforced when "server signing = required" is set
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
SMB2 packet signing not enforced
Description SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. SMB2 packet signing is a mechanism that ensures the integrity and authenticity of data exchanged between a clien...