32 matches found
EUVD-2023-38474
Malicious code in bioql PyPI...
EUVD-2023-40773
Malicious code in bioql PyPI...
EUVD-2023-23655
Malicious code in bioql PyPI...
CVE-2023-36853
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-36853
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
Design/Logic Flaw
?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
Input validation
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-36853 Keysight Geolocation Server Exposed Dangerous Method or Function
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges...
CVE-2023-36853
Keysight Geolocation Server (affected: v2.4.2 and earlier) is impacted by CVE-2023-36853. A low-privileged attacker can craft a local ZIP file containing a malicious script in any location, enabling loading of a DLL with SYSTEM privileges. This is described as an Exposed Dangerous Method or Funct...
CVE-2023-34394 Keysight N6845A Relative Path Traversal
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394 Keysight N6845A Relative Path Traversal
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition...
CVE-2023-34394
In CVE-2023-34394, Keysight Geolocation Server versions up to v2.4.2 are affected by a path validation issue that allows an attacker to upload a crafted malicious file or delete files/directories with SYSTEM privileges. The underlying root cause is improper path validation, enabling local privile...
Keysight Technologies N6854A Geolocation server 代码问题漏洞
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which can be exploited by a low-privileged attacker to load a DLL with system privileges by creating a loca...
Keysight Technologies N6854A Geolocation server 代码问题漏洞
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies, Inc. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which stems from improper path validation and allows an attacker to upload a specially crafted malicio...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...
Keysight N6845A Geolocation Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Server Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
PT-2023-3574 · Keysight · Keysight Geolocation Server
Name of the Vulnerable Software and Affected Versions: Keysight Geolocation Server versions 2.4.2 and prior Description: The issue is related to improper path validation, which could allow an attacker to upload a specially crafted malicious file or delete any file or directory with SYSTEM...
Keysight N6845A Geolocation Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Sever Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in...