641 matches found
MAL-2024-10675 Malicious code in ax-proxy-fix (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 530cf2448f8a75d570e3dacd158740f4338e093c63aba432c8d875ca4e0219e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GL.iNet multiple products security vulnerability
GL.iNet MT3000 and others are products of GL.iNet China. GL.iNet MT3000 is an AX3000 portable router using Wi-Fi 6 protocol. GL.iNet MT2500 is a router. GL.iNet MT6000 is a router. GL.iNet MT6000 is a router. A security vulnerability exists in several GL.iNet products. An attacker could exploit the...
GL.iNet multiple products security vulnerability
GL.iNet MT3000 and others are products of China's GL.iNet GL.iNet. GL.iNet MT3000 is an AX3000 portable router that uses the Wi-Fi 6 protocol. GL.iNet AXT1800 is a router. GL.iNet MT2500 is a router. GL.iNet AXT1800 is a router. GL.iNet AXT1800 is a router. GL.iNet MT2500 is a router. GL.iNet MT2500 is ...
A10 Networks AX Loadbalancer Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'A10 Networks AX Loadbalancer Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw found in A10 Networks Soft ...
PT-2024-22969 · Sportsnet · Sportsnet
Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query to the endpoint:...
SUSE CVE-2022-1205
A NULL pointer dereference flaw was found in the Linux kernel's Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system...
CVE-2023-45591
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitra...
PT-2024-13255 · Unknown · Ailux Imx6 Bundle
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A heap-based buffer overflow vulnerability in the logger generic function of the Ax rtu binary allows a remote authenticated attacker to trigger a memory corruption. This may resul...
Various GL.iNet products Security Breach
GL.iNet MT6000 and others are products of China's GL.iNet GL.iNet. GL.iNet MT6000 is a router. GL.iNet XE3000 is an intelligent router. A security vulnerability exists in several GL.iNet products, which stems from a vulnerability that allows an attacker to obtain critical user information by...
CVE-2024-1309
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1...
Code injection
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1...
CVE-2024-1309 Resource Consumption Identified in NTP before 4.2.4p8 and 4.2.5
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1...
axhosting.net Improper Access Control vulnerability OBB-3850266
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-0320
CVE-2024-0320 is a Cross-Site Scripting issue in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. The vulnerability allows an attacker to inject a crafted JavaScript payload via the application URL to retrieve a user’s session details. Public details consistently reference this vulne...
PT-2024-14303 · Tenda · Tenda Ax3
Name of the Vulnerable Software and Affected Versions: Tenda AX3 version 16.03.12.11 Description: A remote code execution issue was discovered via the list parameter at the "/goform/SetNetControlList" API endpoint. Recommendations: For Tenda AX3 version 16.03.12.11, as a temporary workaround,...
The vulnerability of the authentication function of ASUS RT-AX55 router’s microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the authentication function of ASUS RT-AX55 router software exists due to the failure to take measures to neutralize the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
acryl-datahub-gx-plugin (>=0.14.0.3 <=1.1.1rc4), aepsych (>=0.3.0 <=0.4.0) +288 more potentially affected by CVE-2023-49080 via jupyter-server (>=0.0.5 <=2.10.1)
jupyter-server PYPI version =0.0.5, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =1.0.1, =0.1.0, =0.2.2, =0.0.2, =0.0.2, =0.0.11 and more Source cves: CVE-2023-49080 Source advisory: OSV:PYSEC-2023-272...
CVE-2020-19318
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code via sending crafted data to the webserver service program...
CVE-2020-19318
CVE-2020-19318 affects D-Link DIR-605L (hardware AX; firmware 1.17beta and below). Root cause is a buffer overflow in the webserver service program, allowing an authenticated attacker to remotely execute arbitrary code by sending crafted data. Remediation, where documented, is to upgrade to a fir...
Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The security vulnerabilities are as follows - CVE-2023-1389 (CVSS score: 8.8) - TP-Link Archer AX-21 Command Injection...