4649 matches found
CVE-2024-42966
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...
CVE-2024-42966
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh...
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
CVE-2024-7347
NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngxhttpmp4module and the mp4 directi...
TOTOLINK EX200 Buffer Overflow Vulnerability
The TOTOLINK EX200 is a 2.4G wireless N range extender designed to extend the coverage of existing Wi-Fi networks. A buffer overflow vulnerability exists in the TOTOLINK EX200. The vulnerability originates from the file /cgi-bin/cstecgi.cgi?action=save&setting The function getSaveConfig as...
CVE-2024-6975
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34...
CVE-2024-6975 Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34...
CVE-2024-6975
CVE-2024-6975 concerns Cato Networks Windows SDP Client prior to 5.10.34. The vulnerability is a local privilege escalation through the openssl configuration file, affecting the SDP Client component. Public sources in connected documents consistently describe a local-exploitation risk with no rem...
CVE-2024-6975 Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34...
Improper Restriction Of Security Token Assignment
github.com/KubeOperator/kubepi is vulnerable to Improper Restriction of Security Token Assignment. The vulnerability is due to an empty JWT key in the default configuration file, which allows for a bypass of the login verification and direct backend access...
CVE-2024-36111
KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...
CVE-2024-36111 KubePi's JWT token validation has a defect
KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the ke...
How to Configure XenServer to Send System Alerts through Authenticated SMTP Servers
This article describes how to configure XenServer to send system alerts through SMTP servers that require authentication. Requirements Administrative access to a XenServer host console either directly, through SSH, or by using theConsoletab in XenCenter. Background Customers can configure XenServ...
Siemens SIMATIC WinCC和SIMATIC STEP 代码问题漏洞
Totally Integrated Automation Portal TIA Portal is PC software that offers the complete range of Siemens digital automation services, from digital planning and integrated engineering to transparent operation. A deserialization vulnerability in the Siemens Engineering Platforms catalog configurati...
CVE-2024-21778
A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability...
CVE-2024-21778
A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability...
CVE-2024-21778
A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability...
PT-2024-19051 · Realtek · Realtek Rtl819X Jungle Sdk
Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11 Description: A heap-based buffer overflow vulnerability exists in the configuration file mib init value array functionality. A specially crafted .dat file can lead to arbitrary code execution. An...
Realtek rtl819x Jungle SDK configuration file mib_init_value_array heap-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2024-1911 Realtek rtl819x Jungle SDK configuration file mibinitvaluearray heap-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2024-21778 SUMMARY A heap-based buffer overflow vulnerability exists in the configuration file mibinitvaluearray...