21 matches found
JRuby-OpenSSL has hostname verification disabled by default
JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates,...
CVE-2022-42305
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service...
Veritas NetBackup Path Traversal Vulnerability
Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection for metadata, virtual environments, and other environmental data. A path traversal...
PT-2022-26356 · Veritas · Veritas Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.0.0.1. Description: An issue was discovered that makes the NetBackup Primary server vulnerable to an XML External Entity (XXE) injection attack through the nbars process. Recommendations: For versions prior...
Veritas NetBackup Code Issue Vulnerability
Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...
PT-2022-26362 · Veritas · Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 10.0.0.1. Description: An issue was discovered that makes the NetBackup Primary server vulnerable to an XML External Entity (XXE) injection attack. This attack is possible through the DiscoveryService service...
PT-2022-26354 · Veritas · Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions prior to 10.0.0.1; Veritas related products (affected versions not specified). Description: An issue was discovered that makes the NetBackup Primary server vulnerable to a denial of service attack through the...
Design/Logic Flaw
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone knowing the device's serial number to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password for the verizon username is calculated by concatenating the serial number and the model, i.e., the LVSKIHP string...
Verizon LVSKIHP 5G Authorization Issue Vulnerability
The Verizon LVSKIHP 5G is a 5G Internet gateway from Verizon USA. A security vulnerability exists in the Verizon LVSKIHP 5G external device in versions prior to 2022-02-15, which allows an attacker who knows the serial number of the device to access the CPE management website, such as the 10.0.0....
CVE-2021-22304
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...
CVE-2021-22293
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...
Design/Logic Flaw
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash,...
Design/Logic Flaw
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module does not verify some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service...
Huawei Taurus-AL00A Resource Management Error Vulnerability
The Huawei Taurus-AL00A is a smartphone from the Chinese company Huawei. A memory misreference vulnerability exists in Huawei Taurus-AL00A version 10.0.0.1 C00E1R1P1. The vulnerability arises because a module references freed memory when the program is processing certain messages. An...
Huawei Taurus-AL00A Buffer Error Vulnerability
The Huawei Taurus-AL00A is a smartphone from the Chinese company Huawei. An out-of-bounds read vulnerability exists in Huawei Taurus-AL00A version 10.0.0.1 C00E1R1P1. The vulnerability stems from the program not properly validating certain inputs. An attacker can exploit the vulnerability ...
Design/Logic Flaw
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1C00E1R1P1. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privileg...
CVE-2020-9087
Taurus-AL00A version 10.0.0.1C00E1R1P1 has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak...
CVE-2020-9087
CVE-2020-9087 affects Huawei Taurus-AL00A smartphones (version 10.0.0.1, build C00E1R1P1). The vulnerability is an out-of-bounds read in the XFRM module caused by insufficient parameter validation, allowing an authenticated, local attacker to trigger an information leak. Documents consistently de...