The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to writing beyond the buffer limit, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to insufficient validation of data authenticity, allows attackers to compromise data integrity.
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit is related to insufficient validation of data authenticity. Exploiting this vulnerability allows attackers to compromise data integrity...
Important: golang
Issue Overview: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules whi...
PT-2023-4202 · Apple +8 · Macos Ventura +14
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.7.8; iPadOS versions prior to 15.7.8; iOS versions prior to 16.6; iPadOS versions prior to 16.6; tvOS versions prior to 16.6; macOS Ventura versions prior to 13.5; Safari versions prior to 16.6; watchOS versions prior to 9.6...
CVE-2023-37599
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...
Design/Logic Flaw
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...
CVE-2023-30561
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running...
CVE-2023-30561
CVE-2023-30561 describes insecure data flow between the BD Alaris PCU and its modules. In BD Alaris PCU Model 8015, v12.1.3 and earlier, the infusion data can be exposed or tampered if a threat actor gains physical access and connects a crafted device during an infusion. BD’s ICS bulletin indicat...
CVE-2023-33668
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and take over accounts on shared computers...
CVE-2023-3596 Rockwell Automation Allen-Bradley ControlLogix Communication Modules vulnerable to Denial of Service
Where this vulnerability exists in the Rockwell Automation 1756-EN4 Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages...
CVE-2023-3595 Rockwell Automation ControlLogix Communication Modules Vulnerable to Remote Code Execution
Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modif...
CISA Releases One Industrial Control Systems Advisory
CISA released one Critical Industrial Control Systems (ICS) advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-193-01: Rockwell Automation Select Communication Modules. CISA encourages users and...
Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came ...
CVE-2023-33668
CVE-2023-33668 affects DigiExam up to v14.0.2, where there is a lack of integrity checks for native modules. The issue enables attackers on shared computers to access PII and potentially take over user accounts, per multiple sources including Red Hat and NVD entries. The root cause is insufficien...