CVE-2024-11999
CVE-2024-11999 involves CWE-1104: Use of Unmaintained Third-Party Components that could enable complete control of Schneider Electric HMI devices when an authenticated user installs malicious code. The vulnerability affects Schneider Electric Harmony HMI products (e.g., HMIST6, HMIG3U, HMIG3X) an...
CVE-2024-11999
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product...
CVE-2024-11980
Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388 is a serious vulnerabil...
SUSE CVE-2024-53064
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path. In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...
UBUNTU-CVE-2024-53064
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path. In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...
CVE-2024-53064 idpf: fix idpf_vc_core_init error path
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path. In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...
CVE-2024-50274 idpf: avoid vport access in idpf_get_link_ksettings
In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings. When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it releases the resources and...
kernel: drm/amdgpu: use-after-free vulnerability
A failure flaw was found in the Linux kernel’s AMDGPU driver in how a user sends ioctl with an invalid address and size when using the AMD GPU. This flaw allows a local user to crash the system...
Lovense Lush security vulnerability
Lovense Lush is an application from Lovense, Inc. A security vulnerability exists in Lovense Lush 2 2020-02-25 and earlier versions, which stems from a lack of Bluetooth traffic encryption, where an ongoing Bluetooth connection with a cell phone could be hijacked, allowing an attacker to take ful...
CVE-2024-45263
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control...
The vulnerability of the Junos OS Evolved operating system, related to bypassing authentication using a key, allows attackers to circumvent existing security restrictions, gain access to the system, and obtain full control over the device.
The vulnerability of the Junos OS Evolved operating system relates to bypassing authentication by using a password. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions, gain access to the system, and obtain full control over the device...
PT-2024-31530 · Helmholz +1 · Rex100 +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The devices contain two hard-coded user accounts with hardcoded passwords, allowing an unauthenticated remote attacker to gain full control of the...
CVE-2024-39563
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete...
CVE-2024-8456
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...
CVE-2024-8878
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05...
CVE-2024-8878 Unauthenticated Password Reset
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05...
block/ioctl: prefer different overflow check
...
TOTOLINK CP900 cstecgi.cgi file UploadCustomModule function buffer overflow vulnerability
The TOTOLINK CP900 is a wireless router. The TOTOLINK CP900 suffers from a buffer overflow vulnerability that stems from improper handling of the File parameter in the UploadCustomModule function of the file /cgi-bin/cstecgi.cgi. An attacker can use this vulnerability to cause a crash of the...