13 matches found
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint...
kernel: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service(). I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type...
CVE-2024-53156 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service(). I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type...
PT-2024-38422 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint...
Remote code execution
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint...
CVE-2022-40497
Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint...
Wazuh security vulnerability
Wazuh is an open source application. Wazuh 3.6.1 through 3.13.5, 4.0.0 through 4.2.7, and 4.3.0 through 4.3.7 are vulnerable to a code execution vulnerability that stems from the Active Response endpoint failing to properly filter the special elements ...
PT-2022-25407 · Wazuh · Wazuh
Name of the Vulnerable Software and Affected Versions: Wazuh versions 3.6.1 through 3.13.5; Wazuh versions 4.0.0 through 4.2.7; Wazuh versions 4.3.0 through 4.3.7. Description: The issue is an authenticated remote code execution (RCE) vulnerability. It can be exploited via the Active Response endpoint...
CVE-2022-30459
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simplechatbot/classes/Master.php?f=deleteresponse, id...
CVE-2022-30464
ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simplechatbot/classes/Master.php?f=saveresponse...
PT-2022-20131 · Unknown · Chatbot App With Suggestion In Php/Oop
Name of the Vulnerable Software and Affected Versions: ChatBot App with Suggestion in PHP/OOP version 1.0. Description: The issue is related to Cross Site Scripting (XSS) via the /simplechatbot/classes/Master.php?f=saveresponse API endpoint. This allows for potential malicious script injection. N...
Excerpts from Modern Bank Heists – Threat Hunting Teams & CIR
Carbon Black recently published a report on the newest threats facing the financial world, and how to counteract them. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live...