481 matches found
Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability
Schneider Electric IGSS Data Server is a data server for the Interactive Graphical SCADA System from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which can be exploited by an attacker to cause a denial of service by sending a specific craft...
Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability
Schneider Electric IGSS Data Server is a data server for the Interactive Graphical SCADA System from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which can be exploited by an attacker to cause a denial of service by sending a specific craft...
Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability (CNVD-2023-29373)
Schneider Electric IGSS Data Server is a data server for the Interactive Graphical SCADA System from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...
russh Data Forgery Issue Vulnerability
russh is a Rust SSH client and server library. A data forgery issue vulnerability exists in russh versions 0.34.0 and 0.36.1. It stems from insufficient Diffie-Hellman key validation and can lead to information disclosure and compromise confidentiality...
Akuvox E11 Data Forgery Issue Vulnerability
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from not ensuring that file extensions are associated with the files provided. This could allow an attacker to upload files to the device by changin...
Zerocoin libzerocoin Data Forgery Issue Vulnerability
libzerocoin is an open source C++ library from Zerocoin. It implements the core cryptographic routines of the Zerocoin protocol. A data forgery issue vulnerability exists in Zerocoin libzerocoin, which stems from insufficient validation of the authenticity of data...
authentik Data Forgery Issue Vulnerability
authentik is an open source identity provisioning application from authentik Open Source. A data forgery issue vulnerability exists in authentik that stems from inadequate access checks, which can be exploited by an attacker to set a password for any account...
Google Android Data Forgery Issue Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by improper use of cryptography. An attacker can exploit the vulnerability to gain elevated privileges...
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided
A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between...
SUSE CVE-2022-23131
In instances where SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. A malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...
ConnectWise Control Data Forgery Issue Vulnerability
ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. A data forgery vulnerability exists in ConnectWise Control version 22.9.10032 and prior versions, which stems from a flaw in the encryption method. An attacker could use this vulnerability to elevate...
SAMSUNG Mobile devices Data Forgery Issue Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices Android Q10 prior to 2.6.30.6, Android R11 prior to 3.1.21.10, and Android S12 prior to...
SwagPayPal Data Forgery Issue Vulnerability
SwagPayPal is an open source PayPal integration for Shopware, a store software/platform. SwagPayPal suffers from a data forgery issue vulnerability that stems from the fact that the list of amounts and items sent to PayPal may not match those in the created order...
OpenZeppelin Data Forgery Issue Vulnerability
OpenZeppelin is a software application and a standard for secure blockchain applications. OpenZeppelin Contracts for Cairo suffers from a data forgery issue vulnerability that stems from isvalidethsignature's lack of a call to finalizekeccak after a call to verifyethsignature...
reason-jose Data Forgery Issue Vulnerability
reason-jose is a JavaScript Object Signing and Encryption (JOSE) library by individual developer Ulrik Strid. reason-jose is vulnerable to a data forgery issue that stems from not checking HS256 signatures. An attacker exploiting this vulnerability could tamper with JWS headers and valid data...
Snap One Wattbox Data Forgery Issue Vulnerability
Snap One Wattbox is a line of power solutions from Snap One, Inc. Snap One Wattbox WB-300-IP-3 version WB10.9a17 and prior versions are vulnerable to a data forgery issue that stems from the use of a private local area network (LAN) protocol that does not validate device updates. An attacker could...
libgit2 Data Forgery Issue Vulnerability
libgit2 is a portable, C implementation of the Git core development package. A data forgery issue vulnerability exists in libgit2 that stems from the fact that libgit2 does not perform certificate checking by default...
Cargo Data Forgery Issue Vulnerability
Cargo is a Rust package manager open-sourced by The Rust Programming Language. A data forgery issue vulnerability exists in versions of Cargo prior to 0.67.1, which stems from a failure to perform SSH host key authentication when cloning indexes and dependencies over SSH, which can be exploited b...
go-saml Data Forgery Issue Vulnerability
go-saml is a good enough SAML client library written in Go, open-sourced by Robots and Pencils. A security vulnerability exists in go-saml. An attacker with control over the inputs can exploit the vulnerability to create inputs that cause hash collisions...
jsonwebtoken Data Forgery Issue Vulnerability
jsonwebtoken is Auth0's open source implementation of JSON Web Tokens. A data forgery vulnerability exists in jsonwebtoken version 8.5.1 and earlier versions. The vulnerability stems from the default use of the "none" algorithm for signature verification when the jwt.verify function lacks an algorithm...