16 matches found
CVE-2024-10606
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback function in all versions up to, and including, 6.2.1. This makes it possible for...
CVE-2019-10606
Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917,...
WordPress WP Travel Engine Plugin <= 6.2.1 is vulnerable to Broken Access Control
Software: WP Travel Engine; Type: Plugin; Vulnerable versions: <= 6.2.1; Fixed in: 6.2.2; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-10606; Patch priority: Low; CVSS severity: Low 5.4; PSID: e46e3ce94c1a; Credits: Noah Stead TurtleBurg; Requir...
CVE-2022-35403
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...
Arbitrary file deletion
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. This also affects Asset Explorer before 6977 with authentication...
CVE-2020-10606
creationtimestamp | type | source
---|---|---
2020-07-25 02:55:12+00:00 | seen | https://t.me/cibsecurity/13663...
CVE-2020-10606
CVE-2020-10606 affects OSIsoft PI System (multiple products/versions). The issue is incorrect default permissions that allow a local attacker to access and potentially disclose, delete, or modify data if the machine processes PI System data from multiple users (e.g., shared workstations/terminal ...
OSIsoft PI System (Update A)
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: OSIsoft; Equipment: PI System; Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer...
CVE-2019-10606
Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917,...
CVE-2019-10606
CVE-2019-10606 describes an out-of-bounds access in the USB driver due to missing validation of the frame size provided by the user, affecting Qualcomm Snapdragon-based devices listed as Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...
CVE-2018-10606
CVE-2018-10606 affects LeviStudioU (Wecon LeviStudioU) with multiple heap-based buffer overflow vulnerabilities when processing specially crafted project files in LeviStudioU versions 1.8.29 and 1.8.44. The root cause is heap-based writes due to insufficient bounds checking in parsing project dat...
CVE-2016-10606
The CVE-2016-10606 issue affects grunt-webdriver-qunit, a Grunt plugin for running QUnit with WebDriver. The root cause is insecurely downloading a binary over HTTP, enabling an attacker with a privileged network position to intercept and substitute the binary, potentially leading to remote code ...
CVE-2016-10606
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt. grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controll...
CVE-2017-10606
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...
CVE-2017-10606
The CVE-2017-10606 entry concerns Juniper Networks SRX300 Series firewall TPM firmware 4.40. Connected CNVD-2017-32096 describes a vulnerability in TPM key generation that could allow an attacker to decrypt sensitive configuration data, affecting the SRX300 Series and no other platforms. The root...
CVE-2017-10606 SRX Series: Cryptographic weakness in SRX300 Series TPM Firmware
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration...