1561 matches found
CVE-2023-41742
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30430, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...
CVE-2023-41742
The CVE-2023-41742 issue affects Acronis Agent (Linux, macOS, Windows) prior to build 30430 and Acronis Cyber Protect 15 prior to build 35979. Root cause: binding to an unrestricted IP address, resulting in an excessive attack surface. Impact as described: CVSSv3 base score 7.5 (Network, High). R...
FreeRDP Input Validation Error Vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from an input validation error vulnerability that stems from an out-of-bounds write vulnerability in the gdiCreateSurface function...
FreeRDP Buffer Error Vulnerability
FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP suffers from a buffer error vulnerability that stems from an invalid offset validation that can be triggered when the values rect-left and rect-top are exactly equal to surface-width and...
Acronis Agent and Acronis Cyber Protect Security Vulnerability
Acronis Agent and Acronis Cyber Protect are both products of Acronis Singapore. Acronis Agent is an agent software. Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise. Combining backup, anti-malware, network security and endpoint management capabilities suc...
PT-2023-5773 · Acronis · Acronis Agent +2
Name of the Vulnerable Software and Affected Versions: Acronis Agent versions prior to build 30430; Acronis Cyber Protect 15 versions prior to build 35979. Description: The issue is related to an excessive attack surface due to binding to an unrestricted IP address. This could allow a remote attack...
Noir - An Attack Surface Detector From Source Code
Noir is an attack surface detector from source code. Key Features: Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...
CVE-2023-4576
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory: On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation, which results in a heap buffer overflow, potentially leaking sensitive data that could have led to a sandbox escape. This bug only affects Firefox o...
PT-2023-4658 · Freerdp +8 · Freerdp +8
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.0; FreeRDP versions prior to 3.0.0-beta3. Description: The issue affects FreeRDP based clients only, due to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the gdi CreateSurface function. This ma...
CVE-2023-37379
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
PYSEC-2023-152
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
CVE-2023-37379
CVE-2023-37379 affects Apache Airflow versions prior to 2.7.0. An authenticated user with Connection edit privileges can access connection information and abuse the test connection feature by sending many requests, causing a DoS condition on the server and enabling potentially harmful connections...
CVE-2023-37379 Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
The vulnerability of the OpenImageIO image processing library, related to pointer dereferencing errors, allows an attacker to cause a denial of service.
The vulnerability of the OpenImageIO image processing library is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a denial of service by using a specially crafted DDS file...
The vulnerability of the gfx::SourceSurfaceSkia::Map() function in the Firefox web browser allows an attacker to cause a denial of service.
The vulnerability of the gfx::SourceSurfaceSkia::Map function in the Firefox web browser is related to an unvalidated return value. Exploiting this vulnerability could allow a remote attacker to cause a denial of service...
Part III: Implementing Effective Cyber Security Metrics that Reduce Risk Realistically
We outlined some critical cybersecurity metrics in Part I of this three-part blog series. In the final blog post, we will delve into three crucial aspects outlined in Josh’s article: tactical metrics for operational teams, strategic metrics for leadership, and the metrics addressing the...
Siemens Parasolid and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2023-62049)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques including solid modeling, direct editing, and free-form surface/table modeling. Teamcenter Visualization enables organizations to enhance their product lifecycle management (PLM) environments with a range of comprehensiv...
Intel® PROSet/Wireless WiFi Software Advisory
Summary: A potential security vulnerability in some Intel® PROSet/Wireless WiFi software for Windows may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28714 Description: Improper access control i...
RFP Template for Browser Security
Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP...