292 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-31743
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML...
Linux Distros Unpatched Vulnerability : CVE-2022-31745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox 101. CVE-2022-317...
Linux Distros Unpatched Vulnerability : CVE-2022-31739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths tha...
Linux Distros Unpatched Vulnerability : CVE-2022-31737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability...
PT-2025-26171 · Open5Gs · Open5Gs
Name of the Vulnerable Software and Affected Versions: open5gs versions 2.7.2 and earlier Description: A missing length check in the ogs pfcp subnet add function from the PFCP library allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length...
CVE-2022-1887
The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS 101...
CVE-2019-3931
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root...
CVE-2019-3936
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an acti...
CVE-2019-3938
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any...
CVE-2019-3934
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code...
CVE-2019-3937
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data...
CVE-2019-3932
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uartbridge...
CVE-2019-3928
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...
CVE-2019-15387
The Archos Core 101 Android device with a build fingerprint of archos/MTKAC101CR3GARCHOS/ac101cr3g:7.0/NRD90M/20180611.034442:user/release-keys contains a pre-installed app with a package name of com.roco.autogen app versionCode=1, versionName=1 that allows any app co-located on the device to...
CVE-2019-3925
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
SUSE CVE-2024-53271
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to...
PT-2024-9686 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.31.5 Envoy versions prior to 1.32.3 Description: The issue is related to the incorrect implementation of the control flow when handling HTTP responses in the Envoy proxy server. This can lead to downstream failures i...
Juniper JunOS Malformed TCP Option
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juniper JunOS Malformed TCP Option', 'Description' = %q This module exploits a denial of service vulnerability in Juniper Network's JunOS router...
101.cz Cross Site Scripting vulnerability OBB-3872489
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
D-Link GO-RT-AC750 Security Vulnerability
The D-Link GO-RT-AC750 is a wireless dual-band simple router from China-based AUO D-Link. A security vulnerability exists in the D-Link GO-RT-AC750 GORTAC750A1FWv101b03 version, which stems from the use of hard-coded passwords. An attacker could exploit this vulnerability to gain root access via ...