#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Integer Overflow or Wraparound, Out-of-bounds Write, Allocation of Resources Without Limits or Throttling, Exposure of Sensitive Information to an Unauthorized Actor, Memory Allocation with Excessive Size Value, Out-of-bounds Read, Uncontrolled Resource Consumption, Improper Resource Shutdown or Release, Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to compromise the confidentiality, integrity, or availability of affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Service Suite: Versions 9.8.1.3 and prior 3.2 VULN...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION Successful exploitation of this vulnerability can allow an attacker to reboot the device and cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: Relion 670/650/SAM600-IO series: Versions 2.2.2.0 up to but not including 2.2.2.6 Relion 670/650/SAM600-IO series: Versions 2.2.3.0 up to but not including 2.2.3.7 Relion 670/650/SAM600-IO series: Versions 2.2.4.0 up to but not including 2.2.4.4 Relion 670/650/SAM600-IO series: Versions 2.2.5.6 up to but not including 2.2.5.6 Relion 670/650/SAM600-IO series: 2.2.0.x Relion 670/650/SAM600-IO series: 2.2.1.x 3.2 VULNERABILITY OVERVIEW 3.2.1 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-12...

Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations.

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.

**According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires a user to open a specially crafted file from the attacker to initiate remote code execution.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.