784 matches found

CNNVD
added 2024/04/04 12:0 a.m. · 3 views

go2rtc Security Vulnerability

go2rtc is an ultimate camera streaming application by Alex X Personal Developer that supports RTSP, RTMP, HTTP-FLV, WebRTC, MSE, HLS, MP4, MJPEG, HomeKit, FFmpeg and more. A security vulnerability exists in go2rtc 1.8.5 and earlier versions, which stems from the /api/config endpoint that allows...

CVSS 8.8 · AI score 8.4 · EPSS 0.00471
Exploits: 1 · References: 4

Cvelist
added 2024/02/15 5:4 a.m. · 17 views

CVE-2024-1488 Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

CVSS 8 · AI score 7.6 · EPSS 0.00318
Exploits: 0 · References: 11

Debian CVE
added 2024/02/15 5:4 a.m. · 29 views

CVE-2024-1488

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an...

CVSS 8 · AI score 6.4 · EPSS 0.00318
Exploits: 0

OSV
added 2024/01/09 7:15 a.m. · 2 views

CVE-2023-50930

An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...

CVSS 7.1 · AI score 5.8
Exploits: 0 · References: 1

Prion
added 2024/01/09 7:15 a.m. · 8 views

Design/Logic Flaw

An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...

CVSS 5.8 · AI score 7.3 · EPSS 0.00173
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/01/09 12:0 a.m. · 8 views

CVE-2023-50931

An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting...

CVSS 8.3 · AI score 8.3 · EPSS 0.00173
Exploits: 0 · References: 1

Positive Technologies
added 2023/12/29 12:0 a.m. · 5 views

PT-2024-5293 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions 7260 and below
Description: The issue is related to information disclosure in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. Exploitation of this issue may all...

CVSS 4.2 · AI score 4.3 · EPSS 0.00374
Exploits: 0 · References: 11

NVD
added 2023/12/28 4:15 a.m. · 13 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

CVSS 8.8 · EPSS 0.0205
Exploits: 1 · References: 2

Cvelist
added 2023/12/28 12:0 a.m. · 12 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

AI score 8.7 · EPSS 0.0205
Exploits: 1 · References: 2

CNNVD
added 2023/12/28 12:0 a.m. · 2 views

Peplink Balance Security Breach

Peplink Balance is a router from Peplink. A security vulnerability exists in Peplink Balance Two versions prior to 8.4.0, which stems from a lack of authorization checking in captive portals that allows an attacker to modify the configuration without prior authentication...

CVSS 8.8 · AI score 6.7 · EPSS 0.0205
Exploits: 1 · References: 3

Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-31124 · Peplink · Peplink Balance Two

Name of the Vulnerable Software and Affected Versions: Peplink Balance Two versions prior to 8.4.0
Description: A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. This issue affects Peplink Balance Two and can be...

CVSS 8.8 · AI score 8.6 · EPSS 0.0205
Exploits: 1 · References: 8

Positive Technologies
added 2023/11/30 12:0 a.m. · 3 views

PT-2023-9103 · Peplink · Peplink Smart Reader

Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0
Description: A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality. A specially crafted HTTP request can lead to configuration modification. An attacker can make...

CVSS 9.8 · AI score 6.6 · EPSS 0.37678
Exploits: 5 · References: 29

Cvelist
added 2023/08/23 10:49 a.m. · 26 views

CVE-2023-3899 Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

CVSS 7.8 · AI score 7.7 · EPSS 0.00253
Exploits: 0 · References: 10

RedHat Linux
added 2023/08/22 4:41 p.m. · 55 views

Important: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.8 · AI score 7.2 · EPSS 0.00253
Exploits: 0 · References: 2

RedHat Linux
added 2023/08/22 4:38 p.m. · 43 views

Important: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.8 · AI score 7.2 · EPSS 0.00253
Exploits: 0 · References: 2

RedHat Linux
added 2023/08/22 4:6 p.m. · 32 views

Important: Red Hat Security Advisory: subscription-manager security update

An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated thi...

CVSS 7.8 · AI score 7.2 · EPSS 0.00253
Exploits: 0 · References: 2

Positive Technologies
added 2023/08/22 12:0 a.m. · 3 views

PT-2023-7628 · Asustor · Asustor Data Master

Name of the Vulnerable Software and Affected Versions:
ASUSTOR Data Master ADM versions 4.0.6.RIS1 and below
ASUSTOR Data Master ADM versions 4.1.0 and below
ASUSTOR Data Master ADM versions 4.2.2.RI61 and below
Description: The issue is related to improper privilege management in ASUSTOR Data...

CVSS 8.7 · AI score 5.9 · EPSS 0.00145
Exploits: 0 · References: 6

Citrix
added 2023/08/11 12:0 a.m. · 7 views

Trace HTML Requests with Application Firewall Security Violation Logs on NetScaler Appliance

The NetScaler offers the option to isolate traffic for a specific Application Firewall profile and collect nstrace for HTML requests that trigger a log, block action or have malformed requests. The nstrace collected in "–appfw" mode will have details of the entire request including the Applicatio...

AI score 6.9
Exploits: 0

Veracode
added 2023/08/06 2:39 p.m. · 15 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles Jira Connect Namespaces. An attacker can exploit this vulnerability to add or remove Jira Connect Namespaces, even if they do not have the required permissions. This can be used ...

CVSS 5.4 · AI score 6.4 · EPSS 0.00705
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/07/26 8:15 a.m. · 2 views

CVE-2023-38555

Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R...

CVSS 8.8 · AI score 5.8 · EPSS 0.00332
Exploits: 0 · References: 2