Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-28461

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated “a new Array AG release with the fix will be available soon.”

CVE
Open in Source
#rce#pdf#auth#ssl

%PDF-1.7 4 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Filter /FlateDecode /Height 970 /Length 44247 /Subtype /Image /Type /XObject /Width 3249 >> stream x���q��:��H�$ ���$T���J@� ����ݥt�ff������s�,�͓L&����J]�*��E �5���P����Wb�*_�+����B`P��#�@�C$��Qs����F�!X�h��H`P�� ,j4��B`P�n�5��b$��Q#�@���˼��4� ,j4��B`PPs����F�!XԨ��H`P�� ,j��c$��Q�� ����-&����d}?�Q��4� ,j4ky���O�Q�%�H`P�ģ" ,ܝ�y%��,�<���H`P���� ,��<*����� ,j4��H �!3��6��]#�@��!X�h����BM#�@��{$��S��Wb@�@�,�E`P- �j��KUz������Z�"���^`�P�XbUg �Zu�"���b`�ФX��,�E`P-��r�I1�t4XT�D`P����V�������Z�"���b`�4XTkG`P- �j)�6�& �jXTK1�hR ,]M=�@�,��X�4)�>�& �j]��-��N/���,�E`P-����H3����� ,��4K@�@�����@�b`�h"���b`�ФXbM=�@�4K@�f`i("���Y1�(�K@�@�4�%��V1��XTK3� �K ����Z������"���M1�(� G�PE`P��b`�P�)������Z’���ɑT��R ,�zT G�PE`P-���ɑTXT�W ,��4 'G�F���T�^��r �־=tݥ�5��������N��;cu����4����C�ۺ��݇u"�lVӞ.����۵;��Z��’Xkj؜����<���U���ؚ��r��kõ[��]5��ڝ��VA�~�e���99���p� s �S��a��P����z,q?W�Т�a99�����,6B�47dX��V��ZyU���a��]GZA�ʗW�w���~�#틑�܄کu�ɑn�K�����X5�pr$���D)r��T���G��H� �C"W��

Related news

Chinese APT Group Is Ransacking Japan's Secrets

Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.

Chinese Hackers Target Japanese Firms with LODEINFO and NOOPDOOR Malware

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear,

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE