784 matches found

ICS
added 2022/06/02 12:0 a.m. · 50 views

Carrier LenelS2 HID Mercury access panels

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier LenelS2 Equipment: HID Mercury access panels sold by LenelS2 Vulnerabilities: Protection Mechanism Failure, Forced Browsing, Classic Buffer Overflow, Path Traversal, OS Command Injection 2...

CVSS 10 · AI score 8.5 · EPSS 0.02269
Exploits 0 · References 5

Github Security Blog
added 2022/05/13 1:1 a.m. · 36 views

Improper Input Validation in Jenkins

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without...

CVSS 8.8 · AI score 4.1 · EPSS 0.18116
Exploits 1 · References 5 · Affected Software 1

Prion
added 2022/03/16 3:15 p.m. · 12 views

Design/Logic Flaw

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated...

CVSS 7.5 · AI score 9.3 · EPSS 0.01798
Exploits 0 · References 2 · Affected Software 2

Vulnrichment
added 2022/02/24 6:26 p.m. · 5 views

CVE-2020-14504

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings...

AI score 5.5 · EPSS 0.01216
Exploits 0 · References 1

CNVD
added 2022/01/16 12:0 a.m. · 14 views

Caldera Access Control Error Vulnerability (CNVD-2022-08044)

Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...

CVSS 8.1 · AI score 8 · EPSS 0.0119
Exploits 2 · References 1

The Hacker News
added 2021/11/05 6:15 a.m. · 48 views

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of...

CVSS 10 · AI score 9.3 · EPSS 0.04631
Exploits 0

OSV
added 2021/11/04 4:15 p.m. · 1 views

CVE-2021-40112

Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network PON Series Switches Optical Network Terminal ONT could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol i...

CVSS 7.5 · AI score 5.9 · EPSS 0.01386
Exploits 0 · References 1

Prion
added 2021/09/17 5:15 p.m. · 13 views

Input validation

nLight ECLYPSE nECY system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorView™...

CVSS 5 · AI score 8.6 · EPSS 0.01089
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2021/09/15 12:0 a.m. · 3 views

Hashicorp Terraform Information Disclosure Vulnerability

Hashicorp Terraform is an open source tool for provisioning and managing cloud infrastructures from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Terraform Enterprise versions prior to 202108-1, which stems from the fact that HashiCorp Terraform Enterprise prior to...

CVSS 8.8 · AI score 7.8 · EPSS 0.00936
Exploits 0 · References 2

Cvelist
added 2021/08/19 10:0 a.m. · 25 views

CVE-2021-31338

A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device...

AI score 8 · EPSS 0.00242
Exploits 0 · References 1

CVE
added 2021/08/19 10:0 a.m. · 90 views

CVE-2021-31338

The CVE-2021-31338 issue affects SINEMA Remote Connect Client (all versions

CVSS 7.8 · AI score 7.8 · EPSS 0.00242
Exploits 0 · References 1 · Affected Software 1

OSV
added 2021/08/16 5:15 a.m. · 2 views

CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

CVSS 5.5 · AI score 6.8 · EPSS 0.01541
Exploits 2 · References 3

Prion
added 2021/08/16 5:15 a.m. · 20 views

Command injection

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

CVSS 2.1 · AI score 6.5 · EPSS 0.24563
Exploits 2 · References 3 · Affected Software 1

CVE
added 2021/08/16 4:55 a.m. · 128 views

CVE-2021-3707

CVE-2021-3707 (and CVE-2021-3708) affects D-Link DSL-2750U routers with firmware vME1.16 or earlier. The issues allow an unauthenticated attacker on the local network to perform dangerous actions: CVE-2021-3707 enables unauthorized configuration modification, while CVE-2021-3708 enables OS comman...

CVSS 5.5 · AI score 6.4 · EPSS 0.01541
Exploits 2 · References 3 · Affected Software 1

CNNVD
added 2021/08/16 12:0 a.m. · 16 views

D-Link DSL-2750U Security Vulnerability

The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router. An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...

CVSS 5.5 · AI score 5.6 · EPSS 0.01541
Exploits 2 · References 4

Positive Technologies
added 2021/08/16 12:0 a.m. · 3 views

PT-2021-21488 · D Link · Dsl-2750U

Name of the Vulnerable Software and Affected Versions: D-Link router DSL-2750U versions vME1.16 and prior Description: The issue allows an unauthenticated attacker on the local network to modify the configuration and execute any OS commands on the vulnerable device. Recommendations: For D-Link...

CVSS 5.5 · AI score 6 · EPSS 0.01541
Exploits 2 · References 10

OSV
added 2021/07/09 7:15 p.m. · 1 views

CVE-2021-33214

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...

CVSS 6.1 · AI score 5.8 · EPSS 0.00649
Exploits 1 · References 5

Symantec
added 2021/06/29 3:32 p.m. · 118 views

Authentication Bypass in ASG and ProxySG

Summary The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...

CVSS 10 · AI score 1.5 · EPSS 0.02665
Exploits 0 · Affected Software 2

BDU FSTEC
added 2021/06/25 12:0 a.m. · 2 views

The vulnerabilities of IBM DB2 database management systems, including IBM DB2 Connect, are caused by synchronization errors when using shared resources, allowing attackers to alter the configuration of DB2.

The vulnerability of IBM DB2 database management systems and IBM DB2 Connect stems from synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to alter the configuration of DB2...

CVSS 6.2 · AI score 6.5 · EPSS 0.0029
Exploits 0 · References 3 · Affected Software 2

CNVD
added 2021/06/16 12:0 a.m. · 6 views

Siemens SINAMICS SL150 Input Validation Error Vulnerability

Siemens SINAMICS SL150 is an application program of Siemens, Germany. Cyclic frequency converter for high-torque slow-speed synchronous and induction motors. An input validation error vulnerability exists in the SINAMICS SL150, which can be exploited by an attacker to cause a denial-of-service...

CVSS 9.8 · AI score 7.3 · EPSS 0.01545
Exploits 0 · References 1