138 matches found
O-RAN E2T 安全漏洞
O-RAN E2T is an application from O-RAN, Inc. A security vulnerability exists in O-RAN E2T that stems from a possible crash in the indicator increment function...
PT-2023-17420 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the remote access SSL VPN feature could allow an...
RIC Message Router 安全漏洞
The RIC Message Router is a component that transfers messages between RAN Radio Access Network Intelligent Controllers in 5G networks. A security vulnerability exists in RIC Message Router version v.4.9.0, which stems from a buffer overflow vulnerability that could allow a remote attacker to caus...
CVE-2023-3519
Unauthenticated remote code execution Recent assessments: rbowes-r7 at July 19, 2023 9:42pm UTC reported: Note that the analysis before is for a separate issue – either a silently-patched vuln or some cleanup. We’ve posted a Rapid7 Analysis with the full details, so check that out! I spent some...
CVE-2023-25188
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
Nokia Airscale ASIKA Single RAN 信任管理问题漏洞
Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in NOKIA Airscale ASIKA Single RAN prior to version 21B, which stems from a debugger that does not change the default SSH public/private key values specific to the network...
Nokia Airscale ASIKA Single RAN 路径遍历漏洞
Nokia Airscale ASIKA Single RAN is an application for end-to-end use by Nokia of Finland. A security vulnerability exists in NOKIA Airscale ASIKA Single RAN prior to version 21B. An attacker can exploit the vulnerability to access files and directories stored outside the web root folder...
CVE-2022-22512 VARTA: Multiple devices prone to hard-coded credentials
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network...
CVE-2022-31696
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox...
CVE-2022-25690
Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CISA and NSA Publish Open Radio Access Network Security Considerations
CISA and the National Security Agency NSA have published Open Radio Access Network Security Considerations. This product—generated by the Enduring Security Framework ESF Open Radio Access Network RAN Working Panel, a subgroup within the cross-sector working group—assessed the benefits and securit...
DSK DSKNet 跨站脚本漏洞
DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. A security vulnerability exists in DSK DSKNet versions 2.16.136.0 and 2.17.136.5, which stems from a new menu option in the General...
D-Link DIR-850 授权问题漏洞
The D-Link DIR-850 is a wireless router from AUO D-Link of Taiwan, China. An authorization issue vulnerability exists in D-Link DIR-850L 1.21WW. An attacker can exploit this vulnerability to access the network by sending packets on data frames to the AP...
PT-2022-4878 · Qualcomm · Snapdragon Connectivity +8
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions affected versions not specified Snapdragon Auto versions affected versions not specified Snapdragon Compute versions affected versions not specified Snapdragon Connectivity versions affected versions not specified...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2020)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
CPE-WiFi is vulnerable to information leakage
Ltd. is a high-tech enterprise that provides a full line of products required for mainstream access network technology. CPE-WiFi has an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2020-14581
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...
CVE-2020-2655
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...
Moxa AWK-3121 Series ICSA-19-337-02 Multiple Security Vulnerabilities
Description Moxa AWK-3121 Series is prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. A security-bypass vulnerability 3. Multiple buffer-overflow vulnerabilities 4. A cross-site request-forgery vulnerability 5. Multiple command-injection...