
778 matches found

CNVD
added 2024/07/12 12:0 a.m. | 3 views

Unauthorized Access Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-34720)

Beijing Yisetong Technology Development Co., Ltd. is a domestic provider whose three major business lines are data security, network security and security services. An unauthorized access vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co.,...

7 AI score
Exploits 0

OSV
added 2024/07/09 7:15 a.m. | 0 views

CVE-2024-22062

There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration...

8.8 CVSS | 5.8 AI score
Exploits 0 | References 1

Vulnrichment
added 2024/07/09 6:41 a.m. | 19 views

CVE-2024-22062 Permissions and Access Control Vulnerability in ZTE ZXCLOUD IRAI

There is a permissions and access control vulnerability in ZXCLOUD IRAI. An attacker can elevate non-administrator permissions to administrator permissions by modifying the configuration...

6.3 CVSS | 6.8 AI score | 0.00038 EPSS
Exploits 0 | References 1

CVE
added 2024/07/09 6:41 a.m. | 54 views

CVE-2024-22062

Public technical details (affected products/versions/root cause/patches) for CVE-2024-22062 are not provided in the supplied documents. Monitor for updates from vendors and security bulletins.

8.8 CVSS | 6.2 AI score | 0.00038 EPSS
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2024/05/28 12:0 a.m. | 8 views

ZOHO ManageEngine ADAudit Plus Security Bypass Vulnerability

ZOHO ManageEngine ADAudit Plus is ZOHO's solution for simplifying audits, proving compliance and detecting threats. A security bypass vulnerability exists in ZOHO ManageEngine ADAudit Plus versions prior to 7270, which can be exploited by an attacker to modify agent configuration...

4.2 CVSS | 6.8 AI score | 0.0009 EPSS
Exploits 0 | References 1

Cvelist
added 2024/05/27 5:58 p.m. | 14 views

CVE-2024-36036 Insufficient Access Control Vulnerability

Zoho ManageEngine ADAudit Plus versions 7260 and below allow unauthorized local agent machine users to access sensitive information and modify the agent configuration...

4.2 CVSS | 4.2 AI score | 0.0009 EPSS
Exploits 0 | References 1

CNNVD
added 2024/05/15 12:0 a.m. | 1 views

Arc Security Vulnerability

ARC is a software package for creating and maintaining file archives. A security vulnerability exists in versions prior to Arc v1.6.0 that stems from a lack of authentication, where a local attacker may be able to extract sensitive information or change the configuration...

7.4 CVSS | 6.2 AI score | 0.00107 EPSS
Exploits 0 | References 2

CNNVD
added 2024/05/02 12:0 a.m. | 1 views

Mitel 6800 SIP and 6900 SIP Security Vulnerability

Mitel 6800 SIP and Mitel 6900 SIP are both products of Mitel Canada. Mitel 6800 SIP is a 6800 SIP series IP phone. Mitel 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the Mitel 6800 SIP and 6900 SIP that stems from insufficient boundary checking, and successful...

6.4 CVSS | 7.2 AI score | 0.00053 EPSS
Exploits 0 | References 2

CVE
added 2024/05/02 12:0 a.m. | 64 views

CVE-2024-31966

The CVE-2024-31966 issue affects Mitel 6800 Series and 6900 Series SIP Phones (through 6.3 SP3 HF4), Mitel 6900w Series SIP Phone (through 6.3.3), and Mitel 6970 Conference Unit (through 5.1.1 SP8). The root cause is insufficient parameter sanitization, allowing an authenticated attacker with adm...

6.2 CVSS | 7.4 AI score | 0.00036 EPSS
Exploits 0 | References 1

The Hacker News
added 2024/04/25 5:50 a.m. | 60 views

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...

8.6 CVSS | 8.2 AI score | 0.17378 EPSS
Exploits 2

OSV
added 2024/04/17 1:15 p.m. | 0 views

CVE-2023-45744

A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

8.8 CVSS | 5.8 AI score | 0.02768 EPSS
Exploits 5 | References 4

Vulnrichment
added 2024/04/17 12:55 p.m. | 19 views

CVE-2023-45744

A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

8.3 CVSS | 8.2 AI score | 0.02768 EPSS
Exploits 3 | References 2

CVE
added 2024/04/17 12:55 p.m. | 58 views

CVE-2023-45744

CVE-2023-45744 affects Peplink Smart Reader v1.2.0 (QEMU). The web interface feature /cgi-bin/upload_config.cgi is vulnerable: a specially crafted unauthenticated HTTP request can modify configuration, indicating a data integrity issue. Red Hat CVE entries (CVE-2023-45744 and related RH CVEs) con...

8.8 CVSS | 6.6 AI score | 0.00746 EPSS
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2024/04/17 12:55 p.m. | 16 views

CVE-2023-45744

A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

8.3 CVSS | 9.1 AI score | 0.00746 EPSS
Exploits 1 | References 2

CNNVD
added 2024/04/17 12:0 a.m. | 3 views

Peplink Smart Reader Access Control Error Vulnerability

Peplink Smart Reader is a smart reader from Peplink Inc. It is used for employee time and attendance. An access control error vulnerability exists in Peplink Smart Reader version v1.2.0, which stems from the presence of a data integrity vulnerability that could lead to configuration modifications...

9.8 CVSS | 6.2 AI score | 0.02768 EPSS
Exploits 5 | References 5

RedHat Linux
added 2024/04/15 1:46 a.m. | 2 views

unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

8 CVSS | 6.6 AI score | 0.00111 EPSS
Exploits 0 | References 4

WPVulnDB
added 2024/04/08 12:0 a.m. | 9 views

GamiPress < 6.8.9 - Broken Access Control

Description: The plugin's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privileged users, like Subscribers, despite initial settings prohibiting such access. This vulnerability resembles broken acces...

4.6 AI score | 0.00634 EPSS
Exploits 2 | Affected Software 1

CNNVD
added 2024/04/04 12:0 a.m. | 2 views

go2rtc Security Vulnerability

go2rtc is an ultimate camera streaming application by Alex X Personal Developer that supports RTSP, RTMP, HTTP-FLV, WebRTC, MSE, HLS, MP4, MJPEG, HomeKit, FFmpeg and more. A security vulnerability exists in go2rtc 1.8.5 and earlier versions, which stems from the /api/config endpoint that allows...

8.8 CVSS | 8.4 AI score | 0.00184 EPSS
Exploits 1 | References 4

Cvelist
added 2024/02/15 5:4 a.m. | 16 views

CVE-2024-1488 Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

8 CVSS | 7.6 AI score | 0.00111 EPSS
Exploits 0 | References 11

Debian CVE
added 2024/02/15 5:4 a.m. | 28 views

CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

8 CVSS | 6.4 AI score | 0.00111 EPSS
Exploits 0