Lucene search
K

869 matches found

CNNVD
CNNVD
added 2023/02/03 12:0 a.m.3 views

WAVLINK WL-WN530H4 安全漏洞

WAVLINK WL-WN530H4 is a router from China RuiYin Technology WAVLINK. A security vulnerability exists in WAVLINK WL-WN530H4 M30H4.V5030.210121 version, which originates from an access control issue in the component /cgi-bin/ExportLogs.sh, and can be exploited by an attacker to download configurati...

7.5CVSS7.3AI score0.03284EPSS
Exploits1References3
CVE
CVE
added 2023/02/03 12:0 a.m.65 views

CVE-2022-48165

CVE-2022-48165 affects Wavlink WL-WN530H4 M30H4.V5030.210121; the vulnerable component is /cgi-bin/ExportLogs.sh, enabling unauthenticated access to download configuration data, log files, and admin credentials. The Connected documents corroborate improper access control and potential for unautho...

7.5CVSS7.5AI score0.03284EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2023/01/27 10:55 a.m.43 views

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

Orcus is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. --- ANY.RUN's top...

0.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/01/23 3:29 p.m.2 views

libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...

7.5CVSS5.7AI score0.00798EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/01 12:0 a.m.7 views

CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall releases older than version 19.5 GA...

4.3CVSS5.1AI score0.00698EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/01 12:0 a.m.6 views

Sophos Firewall SQL注入漏洞

Sophos Firewall is a firewall from Sophos UK. A SQL injection vulnerability exists in versions prior to Sophos Firewall 19.5GA that allows an API client to read the contents of its user's configuration database via SQL injection...

4.3CVSS5.4AI score0.00698EPSS
Exploits0References3
CNVD
CNVD
added 2022/11/30 12:0 a.m.29 views

WAVLINK WN531G3 Access Control Error Vulnerability

The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...

7.5CVSS7.5AI score0.02756EPSS
Exploits1References1
OSV
OSV
added 2022/11/29 5:15 p.m.3 views

CVE-2022-44356

WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files...

7.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2022/11/29 5:15 p.m.33 views

CVE-2022-44356

WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files...

7.5CVSS0.02756EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/11/29 12:0 a.m.19 views

WAVLINK WN531G3 安全漏洞

The WAVLINK WN531G3 is a wireless router from China's RuiYin Technology WAVLINK. The WAVLINK WN531G3 M31G3.V5030.201204 version and M31G3.V5030.200325 version contain an access control error vulnerability that can be exploited by an attacker to download configuration data and log files...

7.5CVSS6.8AI score0.02756EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.4 views

PT-2022-27192 · Wavlink · Wavlink Quantum D4G

Name of the Vulnerable Software and Affected Versions: WAVLINK Quantum D4G WL-WN531G3 versions M31G3.V5030.200325 through M31G3.V5030.201204 Description: The issue allows unauthenticated attackers to download configuration data and log files due to an access control problem. Recommendations: For...

7.5CVSS7.5AI score0.02756EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/11/29 12:0 a.m.5 views

CVE-2022-44356

WAVLINK Quantum D4G WL-WN531G3 running firmware versions M31G3.V5030.201204 and M31G3.V5030.200325 has an access control issue which allows unauthenticated attackers to download configuration data and log files...

7.8AI score0.02756EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2022/11/07 12:0 a.m.33 views

Siemens SINUMERIK ONE and SINUMERIK MC Insufficiently Protected Credentials (CVE-2022-38465)

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions V21.9, SIMATIC S7-1200 CPU family incl...

9.3CVSS7.6AI score0.00217EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/14 12:0 a.m.4 views

GoCD 安全漏洞

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions prior to 21.1.0 that stems from the fact that GoCD discloses the symmetric key used to encrypt/decrypt any security variables/secrets in the GoCD configuration to an authenticated agent, a malicious/compromised...

6.5CVSS6.5AI score0.0077EPSS
Exploits0References5
NVD
NVD
added 2022/10/07 3:15 p.m.15 views

CVE-2022-39849

Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...

3.3CVSS0.00081EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/10/07 3:15 p.m.2 views

CVE-2022-39849

Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...

3.3CVSS5.8AI score0.00081EPSS
Exploits0References2
OSV
OSV
added 2022/10/07 3:15 p.m.3 views

CVE-2022-39849

Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...

3.3CVSS5.8AI score0.00081EPSS
Exploits0References1
NVD
NVD
added 2022/10/07 3:15 p.m.16 views

CVE-2022-39850

Improper access control in mumcontainerpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...

3.3CVSS0.00081EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/10/07 3:15 p.m.3 views

CVE-2022-39850

Improper access control in mumcontainerpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...

3.3CVSS5.8AI score0.00081EPSS
Exploits0References2
Prion
Prion
added 2022/10/07 3:15 p.m.11 views

Improper access control

Improper access control in knoxvpnpolicy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data...

1.7CVSS4.1AI score0.00081EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder