481 matches found
Stats Data Forgery Issue Vulnerability
Stats is a menu-bar macOS system monitor by individual developer Serhiy Mytrovtsiy. Stats suffers from a data forgery issue vulnerability that stems from the shouldAcceptNewConnection function unconditionally returning YES, allowing any XPC client to connect to the service without any form of...
Ivanti EPM Data Forgery Issue Vulnerability
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti, USA. Ivanti EPM is vulnerable to a data forgery issue that stems from improper signature verification, allowing a remote unauthenticated attacker to exploit the...
cjwt Data Forgery Issue Vulnerability
cjwt is a small JWT handler open-sourced by Xmidt. A data forgery vulnerability exists in cjwt version v2.2.0, which stems from an algorithm confusion issue, where the system mishandles the verification of signature types and fails to differentiate between signature tokens, allowing an attack...
quic-go Data Forgery Issue Vulnerability
quic-go is an implementation of the QUIC protocol (RFC 9000) in Go by individual developer Lucas Clemente. A data forgery issue vulnerability exists in versions of quic-go prior to v0.48.1, which stems from the mishandling of ICMP Packet Too Large messages, and could allow an out-of-path...
Red Hat Ceph Storage Data Forgery Issue Vulnerability
Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat USA. A data forgery issue vulnerability exists in Red Hat Ceph Storage that stems from the presence of an authentication bypass...
Galaxy Software Services iota C.ai Conversational Platform Data Forgery Issue Vulnerability
Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A data forgery vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from an improper...
ONEKEY Platform Data Forgery Issue Vulnerability
ONEKEY Platform is an application of ONEKEY. A data forgery issue vulnerability exists in ONEKEY Platform, which stems from peer-to-peer authentication being disabled everywhere, allowing a remote unauthenticated user to execute arbitrary commands with elevated privileges on an affected device...
Visteon Infotainment Data Forgery Issue Vulnerability
Visteon Infotainment is an automotive infotainment system from Visteon Corporation. Visteon Infotainment suffers from a data forgery vulnerability that arises from insufficient authenticity verification of the firmware image provided during firmware updates to the VIP microcontroller, which could...
Fortinet FortiClient Data Forgery Issue Vulnerability (CNVD-2024-49647)
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. The Fortinet FortiClient is vulnerable to a data forgery...
Fortinet FortiClient Data Forgery Issue Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. The Fortinet FortiClient is vulnerable to a data forgery...
Laravel Reverb Data Forgery Issue Vulnerability
Laravel Reverb is an open source library for the Laravel framework. It brings real-time WebSocket communication to Laravel applications. A data forgery issue vulnerability exists in Laravel Reverb versions prior to 1.4.0, which stems from a failure to validate the authentication signature of...
ABB Multiple Products Data Forgery Issue Vulnerability
ABB Relion Protection Relays and others are products of ABB Switzerland. ABB Relion Protection Relays are a compact, multifunctional solution for utility and industrial power distribution systems. ABB REX610 is a flexibly configurable all-in-one protection relay. ABB REX615 is a flexib...
Schneider Electric Data Center Expert Data Forgery Issue Vulnerability
Schneider Electric Data Center Expert is a data monitoring software from Schneider Electric USA. A data forgery issue vulnerability exists in Schneider Electric Data Center Expert version 8.1.1.3 and prior versions, which stems from improper cryptographic signature validation, and could compromis...
Gradio Data Forgery Issue Vulnerability
Gradio is an open source Python library from Hugging Face for demonstrating machine learning models through a friendly web interface. Gradio suffers from a data forgery issue vulnerability that stems from the fact that if an attacker gains access to the remote URL where th...
SSOReady Data Forgery Issue Vulnerability
SSOReady is an open source development tool for enterprise SSO from SSOReady Open Source. A data forgery vulnerability exists in SSOReady, which stems from the vulnerability of the affected version to XML signature bypass attacks...
Meshtastic Device Firmware Data Forgery Issue Vulnerability
Meshtastic device firmware is the open source firmware for Meshtastic devices, which run open source, off-grid, decentralized mesh networks. A data forgery vulnerability exists in Meshtastic versions prior to 2.5.1, which stems from the remote hardware module not checking if a received remo...
goTenna Pro ATAK Plugin Data Forgery Issue Vulnerability
The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communications and situational awareness. A Data Forgery Issue vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which arises from the use of AES CTR mode encryption of short...
goTenna Pro Data Forgery Issue Vulnerability
The goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A data forgery vulnerability exists in the goTenna Pro that arises from the use of AES CTR mode for short encrypted messages without any additional integrity checkin...
Red Hat Keycloak Data Forgery Issue Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A Data Forgery Issue vulnerability exists in Red Hat Keycloak versions prior to 25.0.6, which stems from a flaw in the SAML signature validatio...
whatsapp-api-js Data Forgery Issue Vulnerability
whatsapp-api-js is a TypeScript server-agnostic official API framework for WhatsApp by individual developer Tomás Raiti. A data forgery issue vulnerability exists in versions of whatsapp-api-js prior to 4.0.3, which stems from incorrectly returning false for a valid signature when using the...