Amazon Linux AMI : cups (ALAS-2023-1796)
The version of cups installed on the remote host is prior to 1.4.2-67.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1796 advisory. OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow ...
Amazon Linux 2 : cups (ALAS-2023-2184)
The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2184 advisory. OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a...
CUPS < 2.4.3 DoS Vulnerability
CUPS is prone to a denial of service (DoS) vulnerability.
CVE-2023-39964
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...
CVE-2023-39001
A command injection vulnerability in the component diagbackup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file...
CVE-2023-23903
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention...
CVE-2023-23903
CVE-2023-23903 affects Nozomi Guardian/CMC (before v22.6.2). An authenticated administrator can upload a SAML configuration file with the wrong format, and the application does not validate the correct file format. This causes a Denial of Service where every subsequent request renders the applica...
Nozomi Networks Guardian Security Breach
Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks, USA. Nozomi Networks Guardian suffers from a security vulnerability that originates from an authenticated administrator being able to upload an incorrectly formatted SAML configuration file without the...
Medium: cups
Issue Overview: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function formatlogline could allow remote attackers...
ShuiZe_0x727 Code Injection Vulnerability
ShuiZe_0x727 is an information gathering automation tool from the 0x727 team. A security vulnerability exists in ShuiZe_0x727 v1.0, which stems from a Remote Command Execution (RCE) vulnerability in component/iniFile/config.ini...
CVE-2023-3749
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation...
Design/Logic Flaw
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation...
CVE-2023-3749
Vulnerability summary (CVE-2023-3749): In Sensormatic Electronics/Johnson Controls VideoEdge, versions prior to 6.1.1 allow a local user to edit the VideoEdge configuration file, enabling interference with VideoEdge operation due to a flaw described as accepting extraneous untrusted data with tru...
CVE-2023-3749 VideoEdge config
A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation...
Sensormatic Electronics VideoEdge
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: VideoEdge Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION Successful exploitation of this...
Dango-Translator Command Injection Vulnerability
Dango-Translator is an OCR-based raw meat translation software by the individual developer of Fatty Duanzi PantsuDango. A security vulnerability exists in Dango-Translator version 4.5.5, which stems from a Remote Command Execution (RCE) vulnerability in the component app/config/cloudconfig.json...
Moxa EDS-G516E and EDS-510E Series Ethernet Switches Weak Password Requirements (CVE-2020-6991)
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.