Security Headlines

Tag: #web

Resource Allocation in Siemens RUGGEDCOM

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: RUGGEDCOM
Vulnerability: Allocation of Resources without Limits or Throttling

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthorized attacker to cause total loss of availability in the affected devices' web server.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products from Siemens are affected:
RUGGEDCOM i800: All versions prior to V4.3.8
RUGGEDCOM i800NC: All versions prior to V4.3.8
RUGGEDCOM i801: All versions prior to V4.3.8
RUGGEDCOM i801NC: All versions prior to V4.3.8
RUGGEDCOM i802: All versions prior to V4.3.8
RUGGEDCOM i802NC: All versions prior to V4.3.8
RUGGEDCOM i803: All versions prior to V4.3.8
RUGGEDCOM i803NC: All versions prior to V4.3.8
RUGGEDCOM M2100: All versions prior to V4.3.8
RUGGEDCOM M2100F: All versions
RUGGEDCOM M2100NC: All versions prior to V4.3.8
RUGGEDCOM M2200: All versions...

Source: us-cert
Siemens Solid Edge SE2023

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Solid Edge
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to crash the application or execute arbitrary code.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products from Siemens are affected:
Solid Edge SE2023: All versions prior to V223.0 Update 7

3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
The affected application contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.
CVE-2023-39181 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

3.2.2 OUT-OF-BOUNDS READ CWE-125
The affected applications contain an...

Siemens Solid Edge, JT2Go, and Teamcenter Visualization

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Solid Edge, JT2Go, and Teamcenter Visualization
Vulnerabilities: Use After Free, Out-of-bounds Read, Out-of-bounds Write

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products from Siemens are affected:
JT2Go: All versions prior to v14.2.0.5
Solid Edge SE2022: All versions prior to v222.0 Update 13
Solid Edge SE2023: All versions prior to v223.0 Update 4
Teamcenter Visualization V13.2: All versions prior to v13.2.0.15
Teamcenter Visualization V13.2: All versions prior to v13.2.0.14
Teamcenter Visualization V13.3: All versions prior to v13.3.0.11
Teamcenter Visualization V14.1: All versions prior to v14.1.0.11
Teamcenter Visualization V14.1: All versions prior to v14.1.0.10
Teamcenter Visualization V14.2: All versions prior ...

Siemens JT Open, JT Utilities, and Parasolid

1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT Open, JT Utilities, and Parasolid
Vulnerabilities: Out-of-bounds Read

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following products from Siemens are affected:
JT Open: All versions prior to v11.4
JT Utilities: All versions prior to v13.4
Parasolid v34.0: All versions prior to v34.0.253
Parasolid v34.1: All versions prior to v34.1.243
Parasolid v35.0: All versions prior to v35.0.177
Parasolid v35.1: All versions prior to v35.1.073

3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
The affected applications contain an out-of-bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.
CVE-2023-30795 has bee...
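The three Siemens advisories above (Solid Edge SE2023; Solid Edge, JT2Go and Teamcenter Visualization; JT Open, JT Utilities and Parasolid) describe the same bug class: a file parser trusts a length or count field from the file and copies or reads past an allocated buffer or structure (CWE-787 and CWE-125). The following is an added illustration, not Siemens code and not the real PAR or JT format: a constructed record format with a fixed-size destination structure, parsed once in the trusting style that produces exactly these out-of-bounds accesses, and once with every field checked against both the remaining input and the destination capacity. Sample files are constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format (NOT the real PAR/JT layout): 4-byte LE record count,
 * then records of [4-byte LE payload length][payload]. Each payload is copied
 * into a fixed slot of the parsed structure, so a file-controlled length
 * drives a copy into fixed storage, the shape of the bugs in the advisories. */
#define MAX_RECORDS 4
#define SLOT_SIZE   64

typedef struct {
    uint32_t count;
    uint8_t  slot[MAX_RECORDS][SLOT_SIZE];
} parsed_t;

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: header values are trusted. count > MAX_RECORDS or a
 * length > SLOT_SIZE writes past the structure (CWE-787); a length larger than
 * the bytes remaining reads past the file buffer (CWE-125). Shown for
 * comparison only; feed it nothing but well-formed input. */
int parse_vulnerable(const uint8_t *buf, size_t len, parsed_t *out)
{
    (void)len;                         /* input length is never consulted */
    const uint8_t *p = buf;
    out->count = rd_le32(p); p += 4;
    for (uint32_t i = 0; i < out->count; i++) {
        uint32_t n = rd_le32(p); p += 4;
        memcpy(out->slot[i], p, n);    /* no bound on n, no bound on i */
        p += n;
    }
    return 0;
}

/* Hardened pattern: each field is validated against the bytes still available
 * and the capacity of its destination before any read or copy. 0 = ok, -1 = bad. */
int parse_hardened(const uint8_t *buf, size_t len, parsed_t *out)
{
    size_t off = 0;
    if (len < 4) return -1;
    uint32_t count = rd_le32(buf); off += 4;
    if (count > MAX_RECORDS) return -1;        /* would index past slot[] */
    memset(out, 0, sizeof *out);
    for (uint32_t i = 0; i < count; i++) {
        if (len - off < 4) return -1;          /* truncated length field */
        uint32_t n = rd_le32(buf + off); off += 4;
        if (n > SLOT_SIZE) return -1;          /* would overflow slot (OOB write) */
        if (n > len - off) return -1;          /* would read past input (OOB read) */
        memcpy(out->slot[i], buf + off, n);
        off += n;
    }
    out->count = count;
    return 0;
}

/* Constructed sample files. */
static const uint8_t GOOD_FILE[] = {
    2, 0, 0, 0,                        /* two records */
    3, 0, 0, 0, 'a', 'b', 'c',         /* record 0: 3 bytes */
    1, 0, 0, 0, 'z'                    /* record 1: 1 byte */
};
static const uint8_t OVERSIZED_FILE[] = {
    1, 0, 0, 0,
    0x00, 0x10, 0, 0, 'x'              /* claims 4096 bytes, one present */
};
static const uint8_t TRUNCATED_FILE[] = {
    2, 0, 0, 0,
    3, 0, 0, 0, 'a', 'b', 'c'          /* second record missing entirely */
};

/* 1 when the hardened parser accepts the good file and reproduces its contents. */
int check_good(void)
{
    parsed_t r;
    if (parse_hardened(GOOD_FILE, sizeof GOOD_FILE, &r) != 0) return 0;
    return r.count == 2 && memcmp(r.slot[0], "abc", 3) == 0 && r.slot[1][0] == 'z';
}
int check_oversized(void) { parsed_t r; return parse_hardened(OVERSIZED_FILE, sizeof OVERSIZED_FILE, &r); }
int check_truncated(void) { parsed_t r; return parse_hardened(TRUNCATED_FILE, sizeof TRUNCATED_FILE, &r); }

int main(void)
{
    parsed_t r;
    parse_vulnerable(GOOD_FILE, sizeof GOOD_FILE, &r);   /* safe only on good input */
    printf("vulnerable parser, good file: count=%u\n", r.count);
    printf("hardened, good file:      %s\n", check_good() ? "ok" : "FAIL");
    printf("hardened, oversized file: %s\n", check_oversized() ? "rejected" : "ACCEPTED");
    printf("hardened, truncated file: %s\n", check_truncated() ? "rejected" : "ACCEPTED");
    return 0;
}
```

The oversized file would make the vulnerable parser copy 4096 bytes into a 64-byte slot; the truncated file would make it read a length field from beyond the end of the input. Both are refused by the hardened parser before any memory access, which is the check to look for when reviewing a parser for file formats like these.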

CVE-2023-26311

A remote code execution vulnerability in the webview component of OPPO Store app.

CVE-2023-23871: WordPress Button plugin <= 1.1.23 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.

CVE-2023-23798: WordPress Layer Slider plugin <= 1.1.9.7 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.

CVE-2023-24009: WordPress Upfrontwp theme <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.

CVE-2023-37988: WordPress Contact Form Generator plugin <= 2.5.5 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions.

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method, an app that has over 455 million monthly active