MiracleLinux 4 : rpm-4.8.0-19.1.0.1.AXS4 (AXSA:2012-489:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-489:02 advisory. The RPM Package Manager RPM is a powerful command line driven package management system capable of installing, uninstalling,c verifying, querying, an...

MiracleLinux 4 : kernel-2.6.32-131.12.1.el6 (AXSA:2011-489:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-489:04 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

ABB Cylon Aspect 3.08.01 Active Debug Data Exposure

ABB Cylon Aspect 3.08.01 auth/ Active Debug Code Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: 3.08.01 Summary: ASPECT is an award-winning scalable building energy management and...

LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1873 LevelOne WBR-6013 boa formSysCmd leftover debug code vulnerability July 8, 2024 CVE Number CVE-2023-49593 SUMMARY Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network...

Amazon Linux 2023 : aspnetcore-runtime-6.0, aspnetcore-targeting-pack-6.0, dotnet (ALAS2023-2024-489)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-489 advisory. Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass...

Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...

Yifan YF325 httpd debug credentials leftover debug code vulnerability

Talos Vulnerability Report TALOS-2023-1752 Yifan YF325 httpd debug credentials leftover debug code vulnerability October 11, 2023 CVE Number CVE-2023-32645 SUMMARY A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.020221108. A specially...

AZL-37127 CVE-2023-31486 affecting package perl for versions less than 5.34.1-489

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

Omron NJ/NX-series Machine Automation Controllers

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely, public exploits are available Vendor: Omron Equipment: NJ/NX-series Machine Automation Controllers Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain...

InHand Networks InRouter302 httpd port 4444 upload.cgi leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1522 InHand Networks InRouter302 httpd port 4444 upload.cgi leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-29888 SUMMARY A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks...

InHand Networks InRouter302 console infct leftover debug code vulnerability

Talos Vulnerability Report TALOS-2022-1519 InHand Networks InRouter302 console infct leftover debug code vulnerability October 27, 2022 CVE Number CVE-2022-30543 SUMMARY A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A...

CVE-2023-31484 affecting package perl for versions less than 5.34.1-489

CVE-2023-31484 affecting package perl for versions less than 5.34.1-489. A patched version of the package is available...

Robustel R1510 clish art2 command execution vulnerability

Summary A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Robustel R1510 3.3.0...

Reolink RLC-410W "factory" binary firmware update vulnerability

Summary A firmware update vulnerability exists in the "factory" binary of reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions Reolink...

GitHub Security Lab: [Java] CWE-489: Query to detect main() method in Java EE applications

This bug was reported directly to GitHub Security Lab...

CVE-2019-14394

cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetchsslcertificatesforfqdns API SEC-489...

CVE-2019-14394

CVE-2019-14394 affects cPanel prior to 80.0.5 where the fetch_ssl_certificates_for_fqdns API can perform unsafe file operations in the context of the root account. Multiple connected sources confirm this vulnerability exists in cPanel and describes an unsafe file operation flaw exploitable locall...

Insteon Hub MPFS Upload Firmware Update Vulnerability(CVE-2018-3832)

Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...

Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell Exploit

Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected. Title: Barracuda...

CVE-2017-9141

In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c...