Security
Headlines
HeadlinesLatestCVEs

Tag

#git

CVE-2023-43305: CVE-reports/CVE-2023-43305.md at main · syz913/CVE-reports

An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

CVE
Open in Source
#vulnerability#git
CVE-2023-43742: advisories/ATREDIS-2023-0002.md at master · atredispartners/advisories

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful.

GHSA-9r6p-hg4g-5gxp: Microweber missing standardized error handling mechanism

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.0.

CVE-2023-6061: Phantom DLL hijacking vulnerabilities in Iconics Suite - CVE-2023-6061

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll

CVE-2023-6599

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.

Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents

By Waqas The documents were leaked on December 6th, 2023, on Breach Forums. This is a post from HackRead.com Read the original post: Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

GHSA-c79f-pqgf-fhp3: Directory Traversal in Gladys Assistant

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

By Deeba Ahmed Discovered by the cybersecurity researchers at Group-IB; the new Linux RAT, dubbed Krasue, is targeting telecom firms in Thailand. This is a post from HackRead.com Read the original post: New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

CVE-2023-49404: TENDA/w30e/tenda_w30e_setAdvancedSetList/w30e_setAdvancedSetList.md at main · GD008/TENDA

Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet.