Changing Information Technology RAVA certificate validation system security vulnerability
Changing Information Technology RAVA certificate validation system (the Panorama Software RAVA certificate validation system website) is a certificate validation system from China-based Changing Information Technology. A security vulnerability exists in the Changing Information Technology RAVA...
CVE-2020-8973
ZGR TPS200 NG, in its 2.00 firmware version and 1.01 hardware version, does not properly accept specially constructed requests. This allows an attacker with access to the network where the affected asset is located to operate and change several parameters without having to be registered as a user...
DEBIAN-CVE-2022-42906
powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs gi...
WordPress Quiz And Survey Master plugin <= 7.3.4 - Insecure direct object references (IDOR) vulnerability
Insecure direct object references (IDOR) vulnerability leading to changing of quiz content, discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Quiz And Survey Master plugin versions <= 7.3.4. Solution: update the WordPress Quiz And Survey Master plugin to the latest available version, at leas...
GSD-2022-1005377 KVM: x86/xen: Stop Xen timer before changing IRQ
KVM: x86/xen: Stop Xen timer before changing IRQ This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
CVE-2022-23679
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
CVE-2022-23680
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
PT-2022-16190 · Aruba · Arubaos-Cx Switches
Name of the Vulnerable Software and Affected Versions: ArubaOS-CX Switches versions 10.06.0200 and below; ArubaOS-CX Switches versions 10.08.1060 and below; ArubaOS-CX Switches versions 10.09.1020 and below; ArubaOS-CX Switches versions 10.10.0002 and below. Description: The issue is related to the...
Friday Squid Blogging: The Language of the Jumbo Flying Squid
The jumbo flying squid Dosidicus gigas uses its color-changing ability as a language: In 2020, however, marine biologists discovered that jumbo flying squid are surprisingly coordinated. Despite their large numbers, the squid rarely bumped into each other or competed for the same prey. The...
CVE-2022-36833
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above, allows a local attacker to execute a hidden developer function by changing the package name...
CVE-2022-33745
Insufficient TLB flush for x86 PV guests in shadow mode. For migration, as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / val...
Honeywell Alerton Compass security vulnerability
Honeywell Alerton Compass is a building automation system from Honeywell of the USA, offering everything from customizable navigation to quick access to building data. A security vulnerability exists in Honeywell Alerton Compass version 1.6.5, which can be exploited by an attacker to send a crafted packet to change the...
WordPress Social Share Buttons by Supsystic plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Social Share Buttons by Supsystic plugin versions prior to 2.2.4 are vulnerable to cross-si...
API Security: Best Practices for a Changing Attack Surface
API usage is skyrocketing. According to the latest State of the API Report, API requests increased by 56% last year to a total of 855 million, and Google says the growth isn’t expected to slow any time soon. APIs – short for application programming interfaces – are a critical component of how...
Friday Squid Blogging: Squid Changes Color from Black to Transparent
Neat video. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Silverstripe has Incorrect Default Permissions
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...
CVE-2021-45900
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOHAUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let ...
Authentication flaw
An improper authentication vulnerability leading to information leakage was discovered in iptime NAS2dual. Remote attackers are able to steal important information from the server by exploiting vulnerabilities such as insufficient authentication when accessing the shared folder and changing the user's...