128 matches found
Race condition
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2022-23653
Summary (CVE-2022-23653): The B2 Command Line Tool (Linux/Mac) up to v3.2.0 stores API keys and bucket mappings in a local file (account_info) during first run of authorize-account. A TOCTOU race window between file creation (world-readable) and permission tightening can allow a local attacker to...
CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2022-23651 b2-sdk-python TOCTOU application key disclosure
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use TOCTOU race...
CVE-2022-23651
The CVE-2022-23651 issue affects b2-sdk-python 1.14.0 and earlier on Linux/macOS, where SqliteAccountInfo stores API keys and bucket mappings in a local database file. The vulnerability is a TOCTOU race: the database file is created world-readable and briefly becomes private, allowing a local att...
b2-sdk-python 安全漏洞
b2-sdk-python is a Python library for accessing B2 cloud storage. A security vulnerability exists in b2-sdk-python, which stems from the fact that under certain circumstances, a local attacker can exploit the vulnerability via a Time Checking Time of Use TOCTOU contention condition...
The vulnerability of the microprogrammed software of the D-Link DIR-605L B2 network device, related to insufficient protection of registration data, allows a intruder to gain unauthorized access to the protected information.
The vulnerability of the D-Link DIR-605L B2 network device’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a request...
CVE-2021-40655
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
CVE-2021-40655
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page...
CVE-2021-40655
CVE-2021-40655 affects the D-Link DIR-605 series (DIR-605/B2, firmware 2.01MT). The issue is an information-disclosure vulnerability where an unauthenticated attacker can obtain a router username and password by forging a POST request to the /getcfg.php endpoint. The NVD/Nuclei/NASL/NIST referenc...
Denial of Service Vulnerability in ZoomInnovation Conexant C2000-B2-SFE0101-BB1 Serial Server
The C2000-B2-SFE0101-BB1 Serial Server is a serial device networking server. A denial of service vulnerability exists in the ZoomInnovation Conexant C2000-B2-SFE0101-BB1 Serial Server, which can be exploited by an attacker to cause a denial of service...
CVE-2020-9278
An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL...
Stack overflow
An issue was discovered on D-Link DSL-2640B B2 EU4.01B devices. The function docgi, which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with...
Denial of Service Vulnerability in C2000-B2-SFE0101-BB1 Serial Port Server
The C2000-B2-SIE0101-BB1 is an industrial-grade serial device networking server. A denial of service vulnerability exists in the C2000-B2-SFE0101-BB1 serial server that can be exploited by an attacker to cause the server to deny service...
b2.astrosage.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1004174 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Mitsubishi QJ71E71-B2 Communications Adapter Detection
Binary data 761516.prm...
eservice.gov.bd XSS vulnerability
Open Bug Bounty ID: OBB-442714 Description| Value ---|--- Affected Website:| eservice.gov.bd Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
firefox security update
45.8.0-2.0.1 - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat files 45.8.0-2 - Update to 45.8.0 ESR B2 45.8.0-1 - Update to 45.8.0 ESR 45.7.0-2 - Enabled ppc/s390 arches rhbz1418765...
Denial of Service Vulnerability in Multiple Mitsubishi Electric MELSEC-Q Series Products
Mitsubishi Electric is a Japanese company. The affected products, QJ71E71-100, QJ71E71-B5 and QJ71E71-B2, are Ethernet interface modules used to connect MELSEC-Q series programmable controllers to host networks. A denial of service vulnerability exists in multiple Mitsubishi Electric MELSEC-Q...