Read Time:7 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability.
Daily Archives: August 21, 2023
ZDI-23-1157: Advantech R-SeeNet device_status Local File Inclusion Privilege Escalation Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech R-SeeNet. Authentication is required to exploit this vulnerability.
ZDI-23-1158: McAfee Safe Connect VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Read Time:12 Second
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Safe Connect VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-23-1154: SonicWALL GMS Virtual Appliance Syslog Directory Traversal Remote Code Execution Vulnerability
Read Time:10 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-1155: SonicWALL GMS Virtual Appliance HttpDigestAuthenticator Authentication Bypass Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability.
ZDI-23-1153: 3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability
Read Time:11 Second
This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
USN-6267-3: Firefox regressions
Read Time:1 Minute, 2 Second
USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in
Firefox. The update introduced several minor regressions. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-4047,
CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055,
CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)
Max Vlasov discovered that Firefox Offscreen Canvas did not properly track
cross-origin tainting. An attacker could potentially exploit this issue to
access image data from another site in violation of same-origin policy.
(CVE-2023-4045)
Alexander Guryanov discovered that Firefox did not properly update the
value of a global variable in WASM JIT analysis in some circumstances. An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-4046)
Mark Brand discovered that Firefox did not properly validate the size of
an untrusted input stream. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-4050)