CVE-2023-31245

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using an HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

Related news

CVE-2023-33178: XIoT Vulnerability Disclosure Dashboard

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values into the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed; however, this checking was done in a case-sensitive manner, so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading.
