Song Tae-Hyun

#9246of 53,633
29.6Total CVSS
Vulnerabilities · 3
Critical
3
PT-2023-29692
9.8
2023-10-30
Yettiesoft · Vestcert · CVE-2023-45798
**Name of the Vulnerable Software and Affected Versions** Yettiesoft VestCert versions 2.36 to 2.5.29 **Description** A vulnerability exists in Yettiesoft VestCert due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution. **Recommendations** For Yettiesoft VestCert versions 2.36 to 2.5.29, consider disabling the loading of third-party modules until a patch is available to prevent remote code execution. Restrict access to the module loading functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-29693
9.8
2023-10-30
Xmlsoft · Mlsoft Tco!Stream · CVE-2023-45799
**Name of the Vulnerable Software and Affected Versions** MLSoft TCO!stream versions 8.0.22.1115 and below **Description** A vulnerability exists in MLSoft TCO!stream due to insufficient permission validation, allowing an attacker to make the victim download and execute arbitrary files. **Recommendations** For MLSoft TCO!stream versions 8.0.22.1115 and below, update to a version above 8.0.22.1115 to resolve the issue. As a temporary workaround, consider restricting access to sensitive features that may be exploited due to insufficient permission validation until a patch is available.
PT-2023-7358
10
2023-03-21
Dreamsecurity · Dreamsecurity Magicline4Nx · CVE-2023-45797
**Name of the Vulnerable Software and Affected Versions** DreamSecurity MagicLine4NX versions 1.0.0.1 through 1.0.0.26 **Description** The issue is related to a buffer overflow vulnerability. This vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information and potentially conduct a "Watering Hole" attack. The vulnerability allows an attacker to remotely execute code. There have been reports of a North Korean government-sponsored hacking group exploiting this vulnerability to install malware. **Recommendations** For DreamSecurity MagicLine4NX versions 1.0.0.1 through 1.0.0.26, update to a version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.