56 matches found
openjdk: Enhance array handling (Oracle CPU 2025-01)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...
How to Create a Scan to Identify Remote Command Execution
This whitepaper covers how to create a scan in Perl to identify remote command execution in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid RCE problems at the code...
openjdk: Enhance array handling (Oracle CPU 2025-01)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...
REST-APIs unintentionally enabled in Century Systems FutureNet NXR series routers
Overview FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial factory default configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server GUI or Web...
JDK: Integer conversion error leads to incorrect range check (8332644)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracl...
libvirt 代码问题漏洞
libvirt is a libvirt open source Linux API for implementing Linux virtualization features. it supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtualization products used for other operating systems. A code issue vulnerability exists in libvirt that stems...
The vulnerability of the application software interfaces of Session Smart Router and WAN Assurance, Session Smart Conductor, relates to bypassing the authentication process by using an alternative path or channel. This allows a perpetrator to gain full control over the device.
The vulnerability of the Application Programming Interface of routers like Session Smart Router and WAN Assurance, Session Smart Conductor, lies in the ability to bypass authentication procedures by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor,...
WordPress Plugin s2Member 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Cisco Nexus Dashboard 安全漏洞
Cisco Nexus Dashboard is a single console from Cisco, Inc. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that stems from improper access control to specific API endpoints...
The vulnerability of the agent for Windows software used in automated programming and documentation creation for Unicam FX assembly, which allows a perpetrator to increase their privileges.
The vulnerability of the Windows software agent for automated programming and documentation generation for Unicam FX assembly is related to the improper use of privileged APIs. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the App Check software for detecting vulnerabilities in web applications, related to inadequate access control, allows a hacker to execute arbitrary code.
The vulnerability of the App Check tool, which verifies the implementation of application software interfaces, is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...
OpenJDK: range check loop optimization issue (8314307)
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...
CVE-2023-44113
Vulnerability of missing permission verification for APIs in the Designed for Reliability DFR module. Successful exploitation of this vulnerability may affect service confidentiality...
PT-2023-29108 · Unknown · Designed For Reliability (Dfr) Module
Name of the Vulnerable Software and Affected Versions: Designed for Reliability DFR module affected versions not specified Description: The issue concerns a missing permission verification for APIs in the Designed for Reliability DFR module. Successful exploitation of this issue may affect servic...
CVE-2023-39390
Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart...
CVE-2023-34166
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...
CVE-2022-36249
Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API...