7 matches found
CVE-2023-46845
EC-CUBE 3 series 3.0.0 to 3.0.18-p6 and 4 series 4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2 contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where...
Crestron 3-Series Security Vulnerability
Crestron 3-Series is an enterprise-class control system for residential, commercial, and government applications from Crestron, Inc. A security vulnerability exists in Crestron 3-Series Control Systems prior to version 1.8001.0187, which stems from a specific BACnet packet that could cause a syst...
CVE-2023-38405
CVE-2023-38405 affects Crestron 3-Series Control Systems prior to version 1.8001.0187. A device crash can be triggered by crafting and sending a specific BACnet packet to the system. The public materials describe the issue as a crash caused by a malformed BACnet packet, with remediation guidance ...
Design/Logic Flaw
OpenBlocks IoT VX2 prior to Ver.4.0.0 Ver.3 Series allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...
CVE-2020-5536
OpenBlocks IoT VX2 prior to Ver.4.0.0 Ver.3 Series allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors...
CVE-2020-5535
OpenBlocks IoT VX2 prior to Ver.4.0.0 Ver.3 Series allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors...
squid -- TLS/SSL parser denial of service vulnerability
Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...