K000134938 : Intel Processors vulnerability CVE-2022-38090
Security Advisory Description Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable ...
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series
1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration tool
Vulnerabilities: Weak Password Requirements, Use of Hard-coded Password, Missing Password Field Masking, Unrestricted Upload of File with Dangerous Type
2. RISK EVALUATION
Successful exploitation of...
Delta Electronics CNCSoft-B DOPSoft
1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft-B DOPSoft
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit a buffer overflow condition and remotely execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The...
JD Group – 521,878 breached accounts
In May 2023, the South African retailer JD Group announced a data breach affecting a number of their online assets including Bradlows, Everyshop, HiFi Corp, Incredible (Connection), Rochester, Russells, and Sleepmasters. The breach exposed over 520k unique customer records...
K31323265 : OpenSSL vulnerability CVE-2022-0778
Security Advisory Description The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is ...
K000132943 : OpenSSL vulnerability CVE-2022-4304
Security Advisory Description A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher ...
K000132635 : OpenSSL vulnerability CVE-2022-4450
Security Advisory Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the ...
K000132946 : OpenSSL vulnerability CVE-2023-0215
Security Advisory Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, ...
K000132941 : OpenSSL vulnerability CVE-2023-0286
Security Advisory Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public ...
K83120834 : Diffie-Hellman key agreement protocol weaknesses CVE-2002-20001 & CVE-2022-40735
Security Advisory Description The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger ...
K000132686 : TLS Triple Handshake Attack vulnerability
Security Advisory Description The original TLS protocol includes a weakness in master secret negotiation, potentially allowing the Triple Handshake Attack that is mitigated by the Extended Master ...
K000134747 : PHP vulnerability CVE-2023-0568
Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with ...
K000133753 : PHP vulnerability CVE-2023-0662
Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and ...
K63597327 : Python Flask vulnerability CVE-2018-1000656
Security Advisory Description The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage ...
K28622040 : Python vulnerability CVE-2019-9948
Security Advisory Description urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: ...
K000130512 : SQLite vulnerability CVE-2022-35737
Security Advisory Description SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. (CVE-2022-35737)
K000132352 : OpenAM Vulnerability CVE-2023-22320
Security Advisory Description OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22).
K54450124 : NSS vulnerability CVE-2021-43527
Security Advisory Description NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures.
K49902412 : nghttp vulnerability CVE-2018-1000168
Security Advisory Description nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation ...
K63525027 : Memcached vulnerability CVE-2018-1000115
Security Advisory Description Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached ...
Bad guys no longer: here’s how to keep data secure without restricting SaaS apps
CISOs often prohibit or limit the use of SaaS apps for security reasons, but there are other ways to safeguard sensitive data without saying no to all cloud apps.
New PowerDrop Malware Targeting U.S. Aerospace Industry
An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop.
"PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption," according to Adlumin, which found the malware implanted in an...
FBI warns of increasing use of AI-generated deepfakes in sextortion schemes
Enlarge
The FBI on Monday warned of the increasing use of artificial intelligence to generate phony videos for use in sextortion schemes that attempt to harass minors and non-consulting...
New Gigabyte BIOS updates for motherboard backdoor removal issued
Gigabyte has released BIOS updates aimed at removing a firmware backdoor discovered by Eclypsium in over 270 of its motherboard models, which could have been exploited to facilitate the deployment of a Windows binary that would then prompt payload...
Georgia city mayor rejects dealings with BlackByte ransomware
Officials at the City of Augusta, Georgia, have been noted by Mayor Garnett Johnson to have not communicated with the BlackByte ransomware operation that took credit for a cyberattack against the city that commenced on May 21, according to...
