4960 matches found
CVE-2023-6117 M-Files REST API allows Denial of Service
A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the REST API methods of the M-Files server before 23.11.13156.0, which allows attackers to execute DoS attacks...
PT-2023-32525 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0. Description: A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the REST API methods of the M-Files server, which allows attackers to execute...
Debian dla-3658 : wordpress - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3658 advisory. Debian LTS Advisory DLA-3658-1...
GHSA-6MV8-95X5-XCQ9 H2O local file inclusion vulnerability
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-6038 Local File Inclusion in h2oai/h2o-3
A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. Th...
CVE-2023-41570
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the REST API...
Design/Logic Flaw
MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the REST API...
MikroTik RouterOS Security Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v7.1 through 7.11 that stems from the presence of a...
CVE-2023-41570
Affected product/versions: MikroTik RouterOS 7.1–7.11. Vulnerability: Incorrect REST API access control mechanisms, enabling potential unauthorized information disclosure. Root cause: improper access control in the REST API. Impact: Network-exposed vulnerability with high confidentiality impact; ...
Information Disclosure
WordPress is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by tricking a user into installing a malicious Popup Builder plugin or by uploading a malicious plugin to a vulnerable WordPress installation. The malicious plugin would then inject malicious code into...
CVE-2023-6073
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 and other vehicles of the VW Group with the same hardware and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls...
Design/Logic Flaw
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 and other vehicles of the VW Group with the same hardware and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls...
CVE-2023-6073
CVE-2023-6073 affects the Volkswagen ID.3 ICAS 3 IVI ECU. Affected component: ICAS 3 IVI ECU in VW Group vehicles with the same hardware. Description provided across sources states that an attacker can perform a Denial of Service to crash the ICAS 3 IVI ECU and spoof REST API volume commands to i...
CVE-2023-6073 DoS and Control of Volume Settings for VW ID.3 ICAS3 IVI ECU
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 and other vehicles of the VW Group with the same hardware and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls...
PT-2023-32498 · Volkswagen · Volkswagen Id.3
Name of the Vulnerable Software and Affected Versions: Volkswagen ID.3 and other vehicles of the VW Group with the same hardware (affected versions not specified). Description: An attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU and spoof volume setting commands to...