WatchGuard EPDR Security Vulnerability

WatchGuard EPDR is an application from WatchGuard USA, Inc. prevents, detects and responds to any type of known and unknown malware as well as fileless and malware-free attacks. A security vulnerability exists in WatchGuard EPDR version 8.0.21.0002, which stems from the fact that an attacker can...

ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies

Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop. "HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers an...

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2023-2809)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OESA-2023-1606 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal...

OESA-2023-1605 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal...

OESA-2023-1604 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal...

OESA-2023-1607 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal...

CVE-2023-38905

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PGSleep, DBMSLock.Sleep, Waitfor, DECODE, and DBMSPIPE.RECEIVEMESSAGE functions...

nipponsteelpipevn.com Cross Site Scripting vulnerability OBB-3586415

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Fortinet FortiClient VPN Improper Access Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiClient VPN. Authentication is required to exploit this vulnerability. The specific flaw exists within the FortiClient Logging daemon. The product applies insufficient access controls to...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2023-276)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-276 advisory. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix. CVE-2023-36664 Tenable has extracted the preceding descriptio...

CVE-2023-36664 - Artifex Ghostscript through 10.01.2 mishandles permission validation

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices with the %pipe% prefix or the | pipe character prefix...

Fedora 37 : ghostscript (2023-83c805b441)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-83c805b441 advisory. fix for CVE-2023-36664 rhbz2217805 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

SUSE-SU-2023:2844-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix bsc1212711...

Fedora 38 : ghostscript (2023-d8a1c3e5e2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d8a1c3e5e2 advisory. rebase to bugfix release 10.01.2 rhbz2182090 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

CVE-2023-3513

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization...

CVE-2023-3514

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to...

CVE-2023-3513

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization...

CVE-2023-3514

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to...

Deserialization of untrusted data

Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral =7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization...