PT-2024-26323 · Ibm · Ibm Mq
Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.0 LTS through 9.3 CD Description: The issue is a denial of service attack caused by an error applying configuration changes. Recommendations: For IBM MQ versions 9.0 LTS through 9.3 CD, update to a version that includes the...
PT-2024-15930
Name of the Vulnerable Software and Affected Versions: Elektraweb versions prior to 17.0.68 Description: The issue is related to improper access control, missing authorization, and incorrect permission assignment for critical resources. It allows for exploiting incorrectly configured access control...
CVE-2024-23767
An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations...
CVE-2023-5935
CVE-2023-5935 affects Arc prior to v1.6.0. During initial/configuration time, Arc exposes a local web interface without authentication. A local attacker or malware active at that window can extract sensitive information or alter Arc’s configuration, and may achieve arbitrary code execution via a ...
Missing authentication for local web interface in Arc before v1.6.0
Summary: When configuring Arc, e.g. during the first setup, a local web interface is provided to ease the configuration process. This web interface lacks authentication and may thus be abused by a local attacker or malware running on the machine itself. Impact: A malicious local user or process,...
A vulnerability in the firmware of Mitel series 6800, 6900, 6900w, and 6970 desktop telephones, related to the ability to bypass authentication, allows attackers to modify phone configuration parameters and trigger a service failure.
The vulnerability in the firmware of Mitel series 6800, 6900, 6900w, and 6970 allows authentication to be bypassed. Exploiting this vulnerability allows an attacker to modify the phone’s configuration parameters and cause service failures...
PT-2024-3206 · Mitel · Mitel 6900 Series +2
Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series and 6900 Series SIP Phones versions through 6.3 SP3 HF4 Mitel 6900w Series SIP Phone versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 Description: A buffer overflow attack can be conducted by an...
Mitel 6800 SIP and 6900 SIP Security Vulnerability
Mitel 6800 SIP and Mitel 6900 SIP are both products of Mitel Canada. Mitel 6800 SIP is a 6800 SIP series IP phone. Mitel 6900 SIP is a 6900 SIP series IP phone. A security vulnerability exists in the Mitel 6800 SIP and 6900 SIP that stems from improper authentication controls, successful exploitati...
Electrolink FM/DAB/TV Transmitter Security Vulnerability
The Electrolink FM/DAB/TV Transmitter is a series of transmitters from Electrolink. A security vulnerability exists in the Electrolink FM/DAB/TV Transmitter that originates from the ability to bypass the authentication mechanism, which could result in unauthorized system configuration changes or...
CVE-2024-26810 vfio/pci: Lock external INTx masking ops
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In...
CVE-2024-26810
Technical details about CVE-2024-26810 are not provided in the supplied documents. The Astra bulletin repeats the vulnerability description without specifying affected products/versions or remediation. Monitor for official advisories to obtain precise impact and fixes.
CVE-2024-29241
Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information, write sensitive configurations in DSM, and reboot or shutdown NAS via unspecified vectors...
PT-2024-22673 · Esphome · Esphome
Name of the Vulnerable Software and Affected Versions: ESPHome versions 2023.12.9 through 2024.2.x ESPHome version 2023.12.9 Description: The dashboard component of ESPHome contains API endpoints that are vulnerable to Cross-Site Request Forgery (CSRF), allowing remote attackers to carry out attack...
Unbound DNS Resolver < 1.19.1-2.fc40 Access Control Vulnerability
Unbound DNS Resolver is prone to an access control vulnerability. This VT was deprecated as it has been determined that this is not a software flaw in the product itself but an issue in the packaging of the product specific to Red Hat RHEL and derivatives (e.g. Fedora), and for which various more reliable...
BIT-DRUPAL-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
BIT-DRUPAL-2023-31250 Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
BIT-COUCHDB-2021-38295 Privilege escalation vulnerability when using HTML attachments
In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...
CVE-2024-20291
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is...
Improper access control
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is...