177 matches found

CNVD
added 2021/04/30 12:0 a.m., 2 views

Unauthorized access vulnerability in HP ENVY 5540 All-in-One Printer series printers

The HP ENVY 5540 All-in-One Printer series printer is an all-in-one printer from HP. An unauthorized access vulnerability exists in the HP ENVY 5540 All-in-One Printer series printer, which can be exploited by an attacker to gain direct access to the printer control interface without logging in...

7.2 AI score
Exploits 0

CNVD
added 2021/04/30 12:0 a.m., 3 views

Unauthorized access vulnerability in HP ENVY 5530 e-All-in-One Printer series

The HP ENVY 5530 e-All-in-One Printer series printer is an all-in-one printer from HP Trading Shanghai Co. An unauthorized access vulnerability exists in the HP ENVY 5530 e-All-in-One Printer series, which can be exploited by an attacker to gain direct access to the printer control interface...

7.2 AI score
Exploits 0

CNVD
added 2021/04/28 12:0 a.m., 4 views

Unauthorized Access Vulnerability in HP-ENVY-7640 at Hewlett-Packard Trading (Shanghai) Co.

The HP-ENVY-7640 series printer is an all-in-one printer from HP. An unauthorized access vulnerability exists in the HP-ENVY-7640, which can be exploited by an attacker to gain direct access to the printer control interface without logging in...

7.2 AI score
Exploits 0

CNVD
added 2021/02/10 12:0 a.m., 4 views

Unauthorized Access Vulnerability in HP LaserJet Pro MFP Series Printers

The HP LaserJet Pro MFP series of printers is an all-in-one printer from HP. An unauthorized access vulnerability exists in the HP LaserJet Pro MFP series printers, which can be exploited by an attacker to gain direct access to the printer control interface without logging in...

7.3 AI score
Exploits 0

OSV
added 2020/12/23 3:15 p.m., 3 views

CVE-2020-35586

In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement, e.g., it might be all digits or all lowercase letters...

7.5 CVSS, 7 AI score, 0.00343 EPSS
Exploits 1, References 3

RedHat Linux
added 2019/11/26 11:57 a.m., 2 views

kernel: MIDI driver race condition leads to a double-free

It was found that the raw midi kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file. A malicious local attacker could possibly use this f...

7.8 CVSS, 7 AI score, 0.00039 EPSS
Exploits 0, References 4

RedHat Linux
added 2019/11/12 8:51 p.m., 2 views

hw: Intel GPU Denial Of Service while accessing MMIO in lower power state

A flaw was found in Intel graphics hardware GPU where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected display...

5.5 CVSS, 7.2 AI score, 0.00096 EPSS
Exploits 0, References 6

Packet Storm
added 2019/10/31 12:0 a.m., 313 views

Carel pCOWeb HVAC Insecure Credential Storage

Advisory: Unsafe Storage of Credentials in Carel pCOWeb HVAC The Carel pCOWeb card stores password hashes in the file "/etc/passwd", allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Details ======= Product: HVAC units using the OEM...

10 CVSS, 9.4 AI score, 0.07692 EPSS
Exploits 2

CNVD
added 2019/07/03 12:0 a.m., 1 views

Nortek Security & Control Linear eMerge E3-Series License Issue Vulnerability

The Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control USA. Nortek Security & Control Linear eMerge E3-Series is vulnerable to an authorization issue. An attacker can use this vulnerability to bypass authorization with a GET request, obtai...

8.8 CVSS, 7 AI score, 0.00109 EPSS
Exploits 5, References 1

BDU FSTEC
added 2019/03/22 12:0 a.m., 0 views

The vulnerability of the control interface for Cisco NX-OS network operating system routers allows attackers to escalate their privileges.

The vulnerability of the control interface for Cisco NX-OS network operating system routers relates to authentication process errors. Exploiting this vulnerability can allow attackers to increase their privileges...

7.3 CVSS, 7.2 AI score, 0.00277 EPSS
Exploits 0, References 3

BDU FSTEC
added 2017/11/23 12:0 a.m., 0 views

The vulnerability of the Airtame HDMI adapter’s firmware, related to access control deficiencies, allows an intruder to gain unauthorized access to the control interface.

The vulnerability of the Airtame HDMI adapter’s firmware is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the control interface. This could result in forced system reboots,...

10 CVSS, 7.8 AI score, 0.00328 EPSS
Exploits 0, References 2, Affected Software 1

BDU FSTEC
added 2017/09/22 12:0 a.m., 1 views

The vulnerability of the delivery interface component in NetScaler SD-WAN applications allows an attacker to execute arbitrary shell commands.

The vulnerability of the control interface component for NetScaler SD-WAN applications exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary shell commands with root privileges, using the CGISESSID cookie file...

10 CVSS, 8.1 AI score, 0.87898 EPSS
Exploits 4, References 8, Affected Software 1

NVD
added 2017/08/18 5:29 p.m., 11 views

CVE-2015-7945

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

7.5 CVSS, 7.3 AI score, 0.13554 EPSS
Exploits 4, References 11

Prion
added 2017/08/18 5:29 p.m., 14 views

Design/Logic Flaw

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...

5 CVSS, 7.1 AI score, 0.18955 EPSS
Exploits 4, References 11, Affected Software 1

Prion
added 2017/08/18 5:29 p.m., 12 views

Design/Logic Flaw

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

5 CVSS, 6.8 AI score, 0.13554 EPSS
Exploits 4, References 11, Affected Software 1

CVE
added 2017/08/18 5:0 p.m., 69 views

CVE-2015-7945

The CVE-2015-7945 entry describes a vulnerability in Ganeti’s RESTful control interface (RAPI/ganeti-rapi) affecting multiple release streams: 2.9.x prior to 2.9.7, 2.10.x prior to 2.10.8, 2.11.x prior to 2.11.8, 2.12.x prior to 2.12.6, 2.13.x prior to 2.13.3, 2.14.x prior to 2.14.2, and 2.15.x p...

7.5 CVSS, 7.2 AI score, 0.13554 EPSS
Exploits 4, References 11, Affected Software 1

BDU FSTEC
added 2017/02/02 12:0 a.m., 0 views

The vulnerability of the Android operating system, which allows a perpetrator to affect the integrity, accessibility, and confidentiality of information.

The vulnerability in the access control system for Android operating systems exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain incorrect check values for the memory range check from the access control...

10 CVSS, 7.8 AI score, 0.00551 EPSS
Exploits 0, References 3, Affected Software 1

ArchLinux
added 2016/10/08 12:0 a.m., 45 views

[ASA-201610-7] wpa_supplicant: multiple issues

Arch Linux Security Advisory ASA-201610-7 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : wpa_supplicant Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...

7.8 CVSS, 1.2 AI score, 0.00668 EPSS
Exploits 0, References 4

BDU FSTEC
added 2016/08/31 12:0 a.m., 1 views

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the Qualcomm Android operating system’s component driver lies in the lack of checks for unique identifiers in the client DCI table. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...

6.8 CVSS, 7.2 AI score, 0.00076 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2016/08/06 10:59 a.m., 1 views

UBUNTU-CVE-2014-9875

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310...

7.8 CVSS, 7.3 AI score, 0.00076 EPSS
Exploits 0, References 4