Lucene search

15 matches found

RedhatCVE
added 2025/05/23 7:48 a.m., 5 views

CVE-2024-20442

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. An attacker...

CVSS 5.4 | AI score 6.8 | EPSS 0.00329
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:19 p.m., 7 views

CVE-2022-20442

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

CVSS 7.3 | AI score 7 | EPSS 0.00027
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 1:00 p.m., 5 views

CVE-2018-20442

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests...

CVSS 9.8 | AI score 7.3 | EPSS 0.00475
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:57 a.m., 7 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...

CVSS 4.8 | AI score 5.6 | EPSS 0.00404
Exploits: 1 | References: 1

Circl
added 2024/10/02 7:42 p.m., 0 views

CVE-2024-20442

creationtimestamp | type | source
---|---|---
2024-10-02 19:42:49+00:00 | seen | https://t.me/cvedetector/6860...

CVSS 5.4 | AI score 4.8 | EPSS 0.00329
Exploits: 0 | References: 1

Vulnrichment
added 2024/05/03 1:58 a.m., 10 views

CVE-2023-37345 Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 7.5 | EPSS 0.00794
Exploits: 0 | References: 1

Cvelist
added 2024/05/03 1:58 a.m., 14 views

CVE-2023-37345 Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Kofax Power PDF J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 8.2 | EPSS 0.00794
Exploits: 0 | References: 1

Vulnrichment
added 2022/12/13 12:00 a.m., 4 views

CVE-2022-20442

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

AI score 7.4 | EPSS 0.00027
Exploits: 0 | References: 1

IBM Security Bulletins
added 2021/03/09 6:36 p.m., 23 views

Security Bulletin: IBM Security Verify Bridge uses a hard-coded key to encrypt the client secret (CVE-2021-20442)

Summary: The obfuscation logic in IBM Security Verify Bridge (ISVB) relies on a hard-coded key to encrypt the client secret string. This means all ISVB users have the same encryption key. As of v1.0.5, ISVB has re-implemented its obfuscation logic so that each user gets assigned a unique key...

CVSS 7.5 | AI score 0.6 | EPSS 0.00072
Exploits: 0 | Affected Software: 1

CVE
added 2021/03/03 5:00 p.m., 37 views

CVE-2021-20442

CVE-2021-20442 affects IBM Security Verify Bridge (ISVB). The issue is hard-coded credentials, including a hard-coded key used to encrypt the client secret, meaning all ISVB deployments prior to the fix rely on a shared credential. IBM notes that as of v1.0.5 ISVB re-implements its obfuscation so...

CVSS 7.5 | AI score 7.4 | EPSS 0.00072
Exploits: 0 | References: 2 | Affected Software: 1

Circl
added 2020/01/28 3:37 a.m., 1 view

CVE-2019-20442

creationtimestamp | type | source
---|---|---
2020-01-28 03:37:40+00:00 | seen | https://t.me/cveNotify/491...

CVSS 4.8 | AI score 4.5 | EPSS 0.00404
Exploits: 1 | References: 1

NVD
added 2020/01/28 12:15 a.m., 13 views

CVE-2019-20442

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in roleToAuthorize has been identified in the registry UI...

CVSS 4.8 | AI score 4.1 | EPSS 0.00404
Exploits: 1 | References: 3

CVE
added 2020/01/27 11:36 p.m., 75 views

CVE-2019-20442

Root cause: Stored Cross-Site Scripting (XSS) in the registry UI of WSO2 products. Affected: WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. The XSS vulnerability is reported in roleToAuthorize handling. Impact: potential exp...

CVSS 4.8 | AI score 4.8 | EPSS 0.00404
Exploits: 1 | References: 3 | Affected Software: 3

NVD
added 2018/12/25 3:29 p.m., 8 views

CVE-2018-20442

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests...

CVSS 9.8 | AI score 9.6 | EPSS 0.00475
Exploits: 1 | References: 1

CVE
added 2018/12/25 3:00 p.m., 36 views

CVE-2018-20442

CVE-2018-20442 affects Technicolor TC7110.B with STC8.62.02. The issue allows remote attackers to obtain Wi‑Fi credentials by sending SNMP requests to specific OIDs (iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32). This results in exposure of Wi‑Fi cr...

CVSS 9.8 | AI score 9.4 | EPSS 0.00475
Exploits: 1 | References: 1 | Affected Software: 1