
6126 matches found

OSV
added 2023/08/07 4:15 a.m., 4 views

CVE-2023-20811

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061...

6.7 CVSS, 5.9 AI score, 0.00087 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/08/07 12:0 a.m., 2 views

MediaTek Chip Buffer Error Vulnerability

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from an incorrect boundary check in the power module, which may result in memory corruption...

4.4 CVSS, 6.8 AI score, 0.00084 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/08/07 12:0 a.m., 5 views

MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from improper validation of inputs to the IOMMU module, which could lead to information disclosure...

4.4 CVSS, 6.4 AI score, 0.00086 EPSS
Exploits: 0, References: 2
Code423n4
added 2023/08/04 12:0 a.m., 8 views

CBEthCollateral and AnkrStakedEthCollateral _underlyingRefPerTok is incorrect

Lines of code Vulnerability details The CBEthCollateral.underlyingRefPerTok function just uses CBEth.exchangeRate to get the ref/tok rate. The CBEth.exchangeRate can only get the conversion rate from cbETH to staked ETH2 on the coinbase. However as the docs...

6.9 AI score
Exploits: 0
OSV
added 2023/08/03 5:23 p.m., 3 views

CLSA-2023-1691083401 Fix CVE(s): CVE-2022-3697

SECURITY UPDATE: improper handling of tower_callback parameter in amazon.aws collection - debian/patches/CVE-2022-3697.patch: ec2_instance - validate options on tower_callback - CVE-2022-3697 Enable unit testing...

7.5 CVSS, 6.8 AI score, 0.00712 EPSS
Exploits: 0, References: 1
Prion
added 2023/08/03 5:15 a.m., 22 views

Input validation

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially...

5 CVSS, 7.5 AI score, 0.00653 EPSS
Exploits: 0, References: 2, Affected Software: 12
Vulnrichment
added 2023/08/03 4:55 a.m., 15 views

CVE-2023-38744

Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially...

7.6 AI score, 0.00653 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2023/08/03 12:0 a.m., 3 views

PT-2023-26580 · Omron · Cj2H Cpu Unit +2

Name of the Vulnerable Software and Affected Versions: CJ2M CPU Unit versions 2.18 and earlier CJ2H CPU Unit versions 3.04 and earlier CS/CJ Series EtherNet/IP Unit CS1W-EIP21 versions 3.04 and earlier CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 versions 3.04 and earlier Description: A...

7.5 CVSS, 7.1 AI score, 0.00653 EPSS
Exploits: 0, References: 6
The Hacker News
added 2023/08/01 3:33 p.m., 35 views

New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that...

7.3 AI score
Exploits: 0
CNNVD
added 2023/08/01 12:0 a.m., 3 views

Omron CJ Series Security Vulnerability

The Omron CJ series is a series of small programmable controllers from Omron Corporation Japan. A security vulnerability exists in the Omron CJ Series CJ2 CPU unit and the CS/CJ Series EtherNet/IP unit, which results from a lack of proper validation of specified types of inputs...

7.5 CVSS, 6.8 AI score, 0.00653 EPSS
Exploits: 0, References: 4
BDU FSTEC
added 2023/07/28 12:0 a.m., 4 views

The vulnerability of Mitsubishi Electric’s M8V, M8, C80, and IoT Unit series controllers’ microprogramming software lies in the fact that the operation output goes beyond the buffer in memory. This allows a hacker to cause a malfunction in the device or execute arbitrary code.

The vulnerability of Mitsubishi Electric’s M8V, M8, C80, and IoT Unit microcontroller software lies in the fact that the operation data is stored outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause malfunctions in the device, or execute arbitrary code by...

10 CVSS, 8.4 AI score, 0.0167 EPSS
Exploits: 0, References: 4
OSV
added 2023/07/26 6:15 a.m., 1 views

CVE-2022-4608

A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of...

7.5 CVSS, 5.9 AI score, 0.00596 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2023/07/25 6:47 p.m., 12 views

CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget

Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview back end an...

6.5 CVSS, 6.7 AI score, 0.00534 EPSS
Exploits: 1, References: 5
Cvelist
added 2023/07/25 6:47 p.m., 26 views

CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget

Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview back end an...

6.5 CVSS, 6.6 AI score, 0.00534 EPSS
Exploits: 1, References: 5
OSV
added 2023/07/25 5:19 p.m., 15 views

GHSA-4GPR-P634-922X Cross site scripting via input unit widget

Impact Authenticated users can inject malicious code in widgets with units, which is then executed both in the element preview back end and on the website front end. Patches Update to Contao 4.9.42, 4.13.28 or 5.1.10. Workarounds Disable login for all untrusted back end users. References...

6.6 CVSS, 5.9 AI score, 0.00534 EPSS
Exploits: 1, References: 7
OSV
added 2023/07/24 9:15 a.m., 2 views

UBUNTU-CVE-2023-38056

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

7.2 CVSS, 6 AI score, 0.0079 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2023/07/24 12:0 a.m., 3 views

PT-2023-26267 · Otrs +1 · Otrs +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to improper neutralization of commands allowed to be executed via OTRS System...

9.8 CVSS, 5.4 AI score, 0.01273 EPSS
Exploits: 0, References: 30
OSV
added 2023/07/21 9:15 p.m., 3 views

DEBIAN-CVE-2022-46292

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8 CVSS, 8.4 AI score, 0.00782 EPSS
Exploits: 1, References: 1
NVD
added 2023/07/21 9:15 p.m., 16 views

CVE-2022-46292

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

9.8 CVSS, 9.9 AI score, 0.00782 EPSS
Exploits: 1, References: 2
OSV
added 2023/07/21 9:15 p.m., 6 views

CVE-2022-46292

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to...

7.8 CVSS, 7.5 AI score
Exploits: 0, References: 2