47 matches found
ECHO-5136-5B45-28CC
Bulletin has no description...
CVE-2025-5136
A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...
CVE-2025-5136 Tmall Demo Payment Identifier pay random values
A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is possible to initiate the attack...
CVE-2025-5136
CVE-2025-5136 affects Tmall Demo up to 20250505 in the Payment Identifier Handler, specifically the file path /tmall/order/pay/. The root issue is insufficiently random values in the payment identifier, which enables a remote attack; the attack vector is NETWORK, with HIGH attack complexity and no authentication required....
CVE-2013-5136
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network...
CVE-2009-5136
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job...
CVE-2024-5136
creationtimestamp | type | source
---|---|---
2025-02-21 22:10:44+00:00 | seen | Telegram/hlp5xDAQKlTB0eHnEDM15ndyOCOYSxOPPHcAyBC3TplKiBh...
CVE-2019-5136
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send command...
RHEL 7 : openssl (RHSA-2024:5136)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5136 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
CVE-2024-5136 PHPGurukul Directory Management System search-directory.php cross site scripting
A vulnerability classified as problematic has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /admin/search-directory.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2023-5136
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file...
CVE-2023-5136
The connected advisories confirm a vulnerability in NI DIAdem GPX processing via the TopoGrafix DataPlugin for GPX. The root cause is an XML External Entity (XXE) handling flaw that allows a crafted GPX file to cause the XML parser to fetch and embed external content, leading to information discl...
CVE-2023-5136 Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file...
SUSE CVE-2012-5136
Google Chrome before 23.0.1271.91 does not properly perform a cast of an unspecified variable during handling of the INPUT element, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document...
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5136-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5136-1 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use...
CVE-2020-5136
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3,...
CVE-2020-5136
CVE-2020-5136 is a buffer overflow in SonicOS that can be exploited by an authenticated attacker to cause a Denial of Service and a firewall crash affecting SSL-VPN and the virtual assist portal. Affected platforms include SonicOS Gen 5 (versions 5.9.1.7, 5.9.1.13), Gen 6 (versions 6.5.4.7, 6.5.1...
SonicOS SSLVPN and Virtual assist service authenticated buffer overflow leads to firewall crash
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3 and...
Moxa AWK-3131A iw_console privilege escalation vulnerability
Added: 02/27/2020. CVE: CVE-2019-5136. Background: Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem: A privilege escalation vulnerability exists in the iw_console functionality where a specially crafted menu selection string can cause an escape from the restricted consol...
CVE-2019-5136
CVE-2019-5136 affects Moxa AWK-3131A (firmware v1.13). The iw_console privilege-escalation flaw allows a low-privilege, authenticated user to craft a menu selection that escapes the restricted console and gains root access. CVSSv3 base score 8.8 (NETWORK, LOW attack complexity, Privileges Require...