2877 matches found

Github Security Blog
added 2021/05/07 3:53 p.m., 46 views

Improper Authentication in Apache Shiro

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. In Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8 CVSS, 5.3 AI score, 0.24436 EPSS
Exploits: 1, References: 10, Affected Software: 1

Tenable Nessus
added 2021/04/30 12:0 a.m., 754 views

ISC BIND GSS-TSIG SPNEGO Buffer Overflow (CVE-2021-25216)

According to its self-reported version, the ISC Bind present on the remote host is affected by a buffer overflow vulnerability: - GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between...

9.8 CVSS, 7.8 AI score, 0.83406 EPSS
Exploits: 0, References: 2

Fedora
added 2021/04/24 8:20 p.m., 46 views

[SECURITY] Fedora 34 Update: mosquitto-2.0.10-1.fc34

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

3.3 AI score
Exploits: 0

BDU FSTEC
added 2021/04/13 12:0 a.m., 3 views

The vulnerability of microprogrammed software in wireless controllers from NETGEAR, such as WC7500, WC7600, WC7600v2, and WC9500, arises due to insufficient cleaning of input data. This allows an intruder to execute arbitrary commands.

The vulnerability of microprogrammed wireless controller software from NETGEAR, including WC7500, WC7600, WC7600v2, and WC9500, is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an intruder to execute arbitrary commands...

6.8 CVSS, 7 AI score, 0.00434 EPSS
Exploits: 0, References: 4, Affected Software: 4

CNNVD
added 2021/04/13 12:0 a.m., 2 views

Microsoft Windows Permissions, Privileges, and Access Controls Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Windows Services and Controllers...

7.8 CVSS, 5.7 AI score, 0.00761 EPSS
Exploits: 0, References: 7

VulnCheck KEV
added 2021/04/12 12:0 a.m., 2 views

VulnCheck KEV: CVE-2020-1957

In Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass...

9.8 CVSS, 7.3 AI score, 0.26231 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2021/04/06 12:0 a.m., 1 view

The vulnerability of microprogrammed software in NETGEAR controllers such as WC7500, WC7600, WC7600v2, and WC9500 lies in the lack of protection for operational data, allowing unauthorized access to the protected information.

The vulnerability of the microprogrammed software of NETGEAR controllers WC7500, WC7600, WC7600v2, and WC9500 lies in the lack of protection for operational data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...

6.5 CVSS, 6.6 AI score, 0.00397 EPSS
Exploits: 0, References: 4, Affected Software: 4

BDU FSTEC
added 2021/03/30 12:0 a.m., 2 views

The vulnerability of the Samba networking communication package, related to improper access control, allows a perpetrator to gain access to confidential data and compromise its integrity.

The vulnerability of the Samba networking communication package is related to an error in deleting permissions for creating or modifying subtrees. This error does not automatically disappear on all domain controllers. Exploiting this vulnerability can allow a remote attacker to gain access to...

5.5 CVSS, 6.6 AI score, 0.01521 EPSS
Exploits: 0, References: 12, Affected Software: 6

BDU FSTEC
added 2021/03/30 12:0 a.m., 4 views

The vulnerability of microprogrammed software in programmable logic controllers such as CompactLogix 5370 L1, CompactLogix 5370 L2, CompactLogix 5370 L3, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5370, related to the execution of a loop with an unavailable exit condition, allows an intruder to cause a service failure.

The vulnerability of microprogrammed software in programmable logic controllers such as CompactLogix 5370 L1, CompactLogix 5370 L2, CompactLogix 5370 L3, Compact GuardLogix 5370, ControlLogix 5570, and GuardLogix 5370, related to the execution of a loop with an unreachable exit condition...

5.3 CVSS, 7.8 AI score, 0.0174 EPSS
Exploits: 0, References: 4, Affected Software: 7

CNVD
added 2021/03/26 12:0 a.m., 7 views

Cisco Catalyst 9000 Denial of Service Vulnerability

The Cisco Catalyst 9000 is a switch from the American company Cisco. A security vulnerability exists in the Cisco Catalyst 9000 Family Wireless Controllers that stems from insufficient CAPWAP packet authentication. An attacker could exploit the vulnerability to cause a denial of service (DoS)...

8.6 CVSS, 6.6 AI score, 0.01493 EPSS
Exploits: 0, References: 1

OSV
added 2021/03/24 9:15 p.m., 3 views

CVE-2021-1373

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of a...

8.6 CVSS, 7.1 AI score, 0.01493 EPSS
Exploits: 0, References: 1

NVD
added 2021/03/24 9:15 p.m., 19 views

CVE-2021-1373

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of a...

8.6 CVSS, 0.01493 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2021/03/24 8:15 p.m., 9 views

CVE-2021-1373 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of a...

8.6 CVSS, 7.1 AI score, 0.01493 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/03/24 12:0 a.m., 4 views

Cisco Catalyst 9000 Security Vulnerability

The Cisco Catalyst 9000 is a switch from the American company Cisco. A security vulnerability exists in the Cisco Catalyst 9000 Family Wireless Controllers that stems from insufficient CAPWAP packet authentication. An attacker could exploit the vulnerability to cause a denial of service (DoS)...

8.6 CVSS, 7.3 AI score, 0.01493 EPSS
Exploits: 0, References: 3

CNVD
added 2021/03/22 12:0 a.m., 3 views

Weak Password Vulnerability in Multiple Wireless Controller Products of Xinhua San Technologies Co.

H3C WX3510H, H3C WX2510H, H3C WX3508H, H3C WX3540H are wireless controllers from Xinhua San Technology Co. A weak password vulnerability exists in several wireless controller products of Xinhua San Technologies Limited, which can be exploited by attackers to obtain sensitive information...

7 AI score
Exploits: 0

ATTACKERKB
added 2021/03/11 12:0 a.m., 51 views

CVE-2021-26897

Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895. Recent assessments: architect00 at April 14, 2021 6:08am UTC reported: Vulnerability Overview 0patch released a blog article about their micro patch...

10 CVSS, 1.1 AI score, 0.19274 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/03/09 12:0 a.m., 3 views

Siemens SIMATIC Security Vulnerability

SIMATIC S7-PLCSIM V5.4 is a Windows application that simulates the execution of user programs for the simulation of analog S7-300 CPUs, S7-400 CPUs, and WinAC series controllers. A security vulnerability exists in Siemens SIMATIC S7-PLCSIM. An attacker could exploit the vulnerability to cause a...

5.5 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 0, References: 5

CNNVD
added 2021/03/09 12:0 a.m., 4 views

Siemens SIMATIC Numeric Error Vulnerability

SIMATIC S7-PLCSIM V5.4 is a Windows application that simulates the execution of user programs for the simulation of analog S7-300 CPUs, S7-400 CPUs, and WinAC series controllers. A security vulnerability exists in Siemens SIMATIC S7-PLCSIM. An attacker can exploit the vulnerability to cause a...

5.5 CVSS, 5.8 AI score, 0.00223 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2021/03/09 12:0 a.m., 1 view

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730, DriveLogix 1794-L34, Compact GuardLogix 5370, Compact GuardLogix 5380, GuardLogix 5570, GuardLogix 5580, and SoftLogix 5800 stem from insufficient protection of registration data. This allows attackers to elevate their privileges and alter the configuration of vulnerable devices.

The vulnerabilities of microprogrammed software in programmable logic controllers such as CompactLogix 1768, CompactLogix 1769, CompactLogix 5370, CompactLogix 5380, CompactLogix 5480, ControlLogix 5550, ControlLogix 5560, ControlLogix 5570, ControlLogix 5580, DriveLogix 5560, DriveLogix 5730,...

10 CVSS, 8.1 AI score, 0.25455 EPSS
Exploits: 1, References: 6, Affected Software: 2

OSV
added 2021/03/03 6:15 p.m., 2 views

CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

9.8 CVSS, 5.8 AI score, 0.25455 EPSS
Exploits: 1, References: 2