What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CVE.webp 2023-07-13 20:15:09 CVE-2023-30561 (direct link)
The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.
Threat
CVE.webp 2023-07-11 19:15:09 CVE-2023-36884 (direct link)
Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability. This CVE will be updated with new information and links to security updates when they become available.
Threat
CVE.webp 2023-07-05 21:15:09 CVE-2023-35939 (direct link)
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file accessible by an authenticated user (or not for certain actions), allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8 contains a patch for this issue.
Threat
CVE.webp 2023-06-28 22:15:09 CVE-2023-36474 (direct link)
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. `app`. Interactsh server used to create CNAME entries for `app` pointing to `projectdiscovery.github.io` as default, which was intended to be used for hosting the interactsh web client using GitHub Pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still has a CNAME entry pointing to GitHub Pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client-side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default.
Tool Threat
CVE.webp 2023-06-28 15:15:09 CVE-2023-20006 (direct link)
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.
Vulnerability Threat
CVE.webp 2023-06-27 15:15:11 CVE-2023-36000 (direct link)
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
Threat
CVE.webp 2023-06-27 15:15:11 CVE-2023-36002 (direct link)
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.
Threat
CVE.webp 2023-06-27 15:15:10 CVE-2023-2818 (direct link)
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected.
Threat Cloud
CVE.webp 2023-06-27 15:15:10 CVE-2023-35998 (direct link)
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
Threat
CVE.webp 2023-06-14 22:15:09 CVE-2023-2820 (direct link)
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected.
Vulnerability Threat
CVE.webp 2023-06-14 22:15:09 CVE-2023-2819 (direct link)
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code execution in an admin context. All versions prior to 5.10.0 are affected.
Vulnerability Threat
CVE.webp 2023-06-13 21:15:10 CVE-2023-2639 (direct link)
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy.
Threat
CVE.webp 2023-06-13 21:15:09 CVE-2023-2637 (direct link)
Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manager database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.
Vulnerability Threat
CVE.webp 2023-05-15 20:15:09 CVE-2023-32313 (direct link)
vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.
Vulnerability Threat
CVE.webp 2023-05-15 20:15:09 CVE-2023-32314 (direct link)
vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Vulnerability Threat
CVE.webp 2023-05-04 05:15:09 CVE-2023-26125 (direct link)
Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning. **Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.
Threat
CVE.webp 2023-04-28 18:15:26 CVE-2023-30455 (direct link)
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users.
Threat
CVE.webp 2023-04-21 12:15:07 CVE-2023-26100 (direct link)
In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.
Vulnerability Threat
CVE.webp 2023-04-14 19:15:09 CVE-2023-29199 (direct link)
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.
Vulnerability Threat
CVE.webp 2023-04-06 20:15:08 CVE-2023-29017 (direct link)
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.
Vulnerability Threat
CVE.webp 2023-03-28 21:15:11 CVE-2023-28398 (direct link)
Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.
Vulnerability Threat
CVE.webp 2023-03-23 17:15:15 CVE-2023-20107 (direct link)
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.
Vulnerability Threat
CVE.webp 2023-03-23 17:15:14 CVE-2023-20081 (direct link)
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.
Vulnerability Threat
CVE.webp 2023-03-03 23:15:12 CVE-2023-26047 (direct link)
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0.
Vulnerability Threat
CVE.webp 2023-03-02 01:15:11 CVE-2023-26046 (direct link)
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf's failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.
Vulnerability Threat
CVE.webp 2023-02-27 22:15:09 CVE-2023-1055 (direct link)
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
Vulnerability Threat Guideline
CVE.webp 2023-02-16 19:15:12 CVE-2022-39948 (direct link)
An improper certificate validation vulnerability [CWE-295] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.0.0 through 7.0.6, 2.0 all versions, 1.2 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS/FortiProxy device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS/FortiProxy).
Vulnerability Threat
CVE.webp 2023-01-26 21:18:07 CVE-2023-0356 (direct link)
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.
Threat
CVE.webp 2023-01-23 07:15:10 CVE-2023-24068 (direct link)
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file.
Malware Threat
CVE.webp 2023-01-19 12:15:13 CVE-2023-23690 (direct link)
Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below, contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
Threat Guideline
CVE.webp 2022-12-23 00:15:08 CVE-2022-23513 (direct link)
Pi-Hole provides network-wide ad blocking via your own Linux hardware; AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on the `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php`. Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure of any victims' personal blacklists.
Vulnerability Threat Guideline
CVE.webp 2022-12-06 18:15:09 CVE-2022-23466 (lien direct) teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed on version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. Vulnerability Threat
CVE.webp 2022-12-05 22:15:11 CVE-2022-43557 (lien direct) The BD BodyGuardâ„¢ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. Threat
CVE.webp 2022-12-01 14:15:11 CVE-2022-37017 (lien direct) Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled. Threat
CVE.webp 2022-11-15 21:15:36 CVE-2022-20950 (lien direct) A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-checking when SIP bidirectional flows are being inspected by Snort 3. An attacker could exploit this vulnerability by sending a stream of crafted SIP traffic through an interface on the targeted device. A successful exploit could allow the attacker to trigger a restart of the Snort 3 process, resulting in a denial of service (DoS) condition. Vulnerability Threat
CVE.webp 2022-11-15 21:15:35 CVE-2022-20949 (lien direct) A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. Vulnerability Threat
CVE.webp 2022-11-15 21:15:35 CVE-2022-20947 (lien direct) A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. Vulnerability Threat
CVE.webp 2022-11-15 21:15:35 CVE-2022-20946 (lien direct) A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory handling error that occurs when GRE traffic is processed. An attacker could exploit this vulnerability by sending a crafted GRE payload through an affected device. A successful exploit could allow the attacker to cause the device to restart, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-gre-dos-hmedHQPM This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. Vulnerability Threat
CVE.webp 2022-11-15 21:15:34 CVE-2022-20940 (lien direct) A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. An attacker could exploit this vulnerability by sending crafted TLS messages to an affected device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. Vulnerability Threat
CVE.webp 2022-11-15 21:15:33 CVE-2022-20934 (lien direct) A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. Vulnerability Threat
CVE.webp 2022-11-15 21:15:32 CVE-2022-20927 (lien direct) A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management when a device initiates SSL/TLS connections. An attacker could exploit this vulnerability by ensuring that the device will connect to an SSL/TLS server that is using specific encryption parameters. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. Vulnerability Threat
CVE.webp 2022-11-15 21:15:32 CVE-2022-20928 (lien direct) A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker must have valid credentials to establish a VPN connection. A successful exploit could allow the attacker to establish a VPN connection with access privileges from a different user. Vulnerability Threat
CVE.webp 2022-11-15 21:15:31 CVE-2022-20924 (lien direct) A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Vulnerability Threat
CVE.webp 2022-11-15 21:15:27 CVE-2022-20854 (lien direct) A vulnerability in the processing of SSH connections of Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a reboot on the affected device. Vulnerability Threat
CVE.webp 2022-11-15 21:15:22 CVE-2022-20826 (lien direct) A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. Vulnerability Threat
CVE.webp 2022-11-04 19:15:11 CVE-2022-40263 (lien direct) BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). Customers using BD Totalys MultiProcessor version 1.70 with Microsoft Windows 10 have additional operating system hardening configurations which increase the attack complexity required to exploit this vulnerability. Threat ★★
CVE.webp 2022-10-28 02:15:17 CVE-2022-33859 (lien direct) A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . Vulnerability Threat
CVE.webp 2022-10-18 03:15:10 CVE-2022-22232 (lien direct) A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series, if Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific transit traffic is processed, the PFE will crash and restart. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series; 22.1 versions prior to 22.1R1-S1, 22.1R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. Vulnerability Threat
CVE.webp 2022-10-18 03:15:10 CVE-2022-22231 (lien direct) An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series, if Unified Threat Management (UTM) Enhanced Content Filtering (CF) and AntiVirus (AV) are enabled together and the system processes specific valid transit traffic, the Packet Forwarding Engine (PFE) will crash and restart. This issue affects Juniper Networks Junos OS 21.4 versions prior to 21.4R1-S2, 21.4R2 on SRX Series. This issue does not affect Juniper Networks Junos OS versions prior to 21.4R1. Vulnerability Threat
CVE.webp 2022-10-11 17:15:11 CVE-2022-34434 (lien direct) Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. Vulnerability Threat Guideline
Last update at: 2024-05-18 19:08:15