Lucene search

38 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-30854

Malicious code in bioql PyPI...

9.9 CVSS · 6.6 AI score · 0.00261 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/02/05 2:35 a.m. · 4 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.9 CVSS · 7.2 AI score · 0.00261 EPSS
Exploits: 0 · References: 1
UbuntuCve
added 2024/10/10 1:0 p.m. · 3 views

CVE-2024-9312

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges...

7.5 CVSS · 7 AI score · 0.00051 EPSS
Exploits: 1 · References: 2
OSV
added 2024/09/19 7:15 p.m. · 1 view

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.8 CVSS · 5.9 AI score · 0.00261 EPSS
Exploits: 0 · References: 2
NVD
added 2024/09/19 7:15 p.m. · 13 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.9 CVSS · 0.00261 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/09/19 12:0 a.m. · 14 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.9 CVSS · 0.00261 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/09/19 12:0 a.m. · 2 views

PT-2024-25117 · Tiptel · Tiptel Ip 286

Name of the Vulnerable Software and Affected Versions: Tiptel IP 286 version 2.61.13.10
Description: The issue allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function in the web interface. This is due to a Directory Traversal vulnerability.
Recommendations: For...

9.9 CVSS · 7.1 AI score · 0.00261 EPSS
Exploits: 0 · References: 10
CNNVD
added 2024/09/19 12:0 a.m. · 2 views

Tiptel IP 286 Security Vulnerability

The Tiptel IP 286 is a smart IP phone from Tiptel. A security vulnerability exists in Tiptel IP 286 firmware version 2.61.13.10, which originates from a directory traversal in the web interface that allows an attacker to overwrite arbitrary files on the phone via the ringtone upload feature...

9.9 CVSS · 7 AI score · 0.00261 EPSS
Exploits: 0 · References: 3
CVE
added 2024/09/19 12:0 a.m. · 53 views

CVE-2024-33109

CVE-2024-33109 affects Tiptel IP 286 (firmware 2.61.13.10). The vulnerability is a Directory Traversal in the web interface that enables an attacker to overwrite arbitrary files on the device through the Ringtone upload function. This is supported by multiple sources noting the same flaw and affe...

9.9 CVSS · 7.4 AI score · 0.00261 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2024/09/19 12:0 a.m. · 12 views

CVE-2024-33109

Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function...

9.9 CVSS · 7.4 AI score · 0.00261 EPSS
Exploits: 0 · References: 2
ICS
added 2024/07/09 12:0 a.m. · 52 views

Siemens Remote Connect Server

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.9 CVSS · 9 AI score · 0.10551 EPSS
Exploits: 0 · References: 12
Code423n4
added 2024/01/07 12:0 a.m. · 10 views

Upgraded Q -> 2 from #286 [1704653766013]

Judge has assessed an item in Issue 286 as 2 risk. The relevant finding follows: L-02 Quorum for existing piece cannot be changed L-03 Token inflation gives advantage to new pieces

7.1 AI score
Exploits: 0
Tenable Nessus
added 2023/05/09 12:0 a.m. · 18 views

Siemens SICAM P850 and P855 Devices Session Fixation (CVE-2022-40226)

A vulnerability has been identified in SICAM P850 All versions V3.10, SICAM P855 All versions V3.10. Affected devices accept user defined session cookies and do not renew the session cookie after login/logout. This could allow an attacker to take over another user's session after login. This plug...

8.1 CVSS · 7.5 AI score · 0.00334 EPSS
Exploits: 0 · References: 3
Virtuozzo
added 2023/02/01 12:0 a.m. · 17 views

[Important] [Security] Virtuozzo ReadyKernel patch 152.0 for Virtuozzo Hybrid Server 7.5

The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7.5. NOTE: No more updates are planned for the kernel 3.10.0-1160.21.1.vz7.174.13. Vulnerability id: RK-286 3.10.0-1160.21.1.vz7.174.13 to...

1.8 AI score
Exploits: 0 · References: 4
Prion
added 2023/01/05 8:15 a.m. · 12 views

Design/Logic Flaw

An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...

5.1 CVSS · 7.5 AI score · 0.00215 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2023/01/05 7:37 a.m. · 116 views

CVE-2022-45857

The CVE-2022-45857 entry concerns Fortinet FortiManager’s VDOM creation component, where an incorrect user management (CWE-286) flaw may permit passwordless access to FortiGate via newly created VDOMs after the super_admin account is deleted. Affected are FortiManager versions 6.4.6 and below. Th...

7.5 CVSS · 7.5 AI score · 0.00215 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/01/05 7:37 a.m. · 13 views

CVE-2022-45857

An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...

6.5 CVSS · 7.7 AI score · 0.00215 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2022/10/14 12:0 a.m. · 14 views

Slackware Linux 15.0 / current python3 Vulnerability (SSA:2022-286-01)

The version of python3 installed on the remote host is prior to 3.9.15. It is, therefore, affected by a vulnerability as referenced in the SSA:2022-286-01 advisory. - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 Note that Nessus has not tested...

8.1 CVSS · 7.5 AI score · 0.00915 EPSS
Exploits: 0 · References: 1
Tenable Nessus
added 2021/01/19 12:0 a.m. · 29 views

Xen INVLPG-like flushes may leave stale TLB entries privilege escalation (XSA-286)

A privilege escalation vulnerability exists in Xen x86 PV guest kernels due to mishandled invalidation of TLB entries. An unauthenticated, local attacker (x86 PV guest OS users) can gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during...

5.3 CVSS · 7.2 AI score · 0.00073 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2020/12/09 12:0 a.m. · 26 views

SUSE SLES12 Security Update : xen (SUSE-SU-2020:3631-1)

This update for xen fixes the following issues : bsc1178963 - stack corruption from XSA-346 change XSA-355 bsc1177409 - CVE-2020-27674: x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 bsc1177412 - CVE-2020-27672: Race condition in Xen mapping code XSA-345 bsc1177413 -...

7.8 CVSS · 6.3 AI score · 0.00073 EPSS
Exploits: 0 · References: 17