34 matches found
EUVD-2023-23655
Malicious code in bioql PyPI...
EUVD-2023-40773
Malicious code in bioql PyPI...
EUVD-2023-38474
Malicious code in bioql PyPI...
CVE-2023-36853
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-36853
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
Input validation
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
Design/Logic Flaw
?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-36853 Keysight Geolocation Server Exposed Dangerous Method or Function
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-36853
Keysight Geolocation Server (affected: v2.4.2 and earlier) is impacted by CVE-2023-36853. A low-privileged attacker can craft a local ZIP file containing a malicious script in any location, enabling loading of a DLL with SYSTEM privileges. This is described as an Exposed Dangerous Method or Funct...
CVE-2023-34394 Keysight N6845A Relative Path Traversal
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394 Keysight N6845A Relative Path Traversal
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394
In CVE-2023-34394, Keysight Geolocation Server versions up to v2.4.2 are affected by a path validation issue that allows an attacker to upload a crafted malicious file or delete files/directories with SYSTEM privileges. The underlying root cause is improper path validation, enabling local privile...
Keysight Technologies N6854A Geolocation server 代码问题漏洞
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies, Inc. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which stems from improper path validation and allows an attacker to upload a specially crafted malicio...
Keysight Technologies N6854A Geolocation server 代码问题漏洞
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which can be exploited by a low-privileged attacker to load a DLL with system privileges by creating a loca...
The vulnerability of Keysight N6854A geolocation server microprogramming software, related to errors in processing the relative path to the catalog, allows a intruder to execute arbitrary code.
The vulnerability of Keysight N6854A geolocation server microprogramming software is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted file...
The vulnerability of Keysight N6854A geolocation server microprogramming software relates to the use of dangerous methods or functions that allow a intruder to execute arbitrary code.
The vulnerability of Keysight N6854A geolocation server microprogramming software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a attacker to execute arbitrary code using a specially crafted ZIP file...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...
Keysight N6845A Geolocation Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Server Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...