62 matches found
CVE-2024-21607 Junos OS: MX Series and EX9200 Series: If the "tcp-reset" option used in an IPv6 filter, matched packets are accepted instead of rejected
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which...
Code injection
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary cod...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
CVE-2022-40895
In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. The vulnerability is due to insecure design, where a difference in forgot password...
Securing your IoT with Edge Secured-core devices
A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65 percent of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices...
7 Ways to Defend Mobile Apps, APIs from Cyberattacks
There are two essential elements driving progress in today’s digital-first economy: Mobile applications and the application programming interfaces APIs that allow those applications to communicate and exchange data with each other. The growth in these two technologies has exposed users and their...
Input validation
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...
CVE-2021-22329
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect...
CVE-2021-22329
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect...
CVE-2021-22329
There has a license management vulnerability in some Huawei products. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper license management of the device, as a result, the license file can be applied and affect...
BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. "As the attacker has the...
CVE-2020-3530 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The...
The vulnerability of the SINAMICS PERFECT HARMONY GH180 driver software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the device.
The vulnerability of SINAMICS PERFECT HARMONY GH180 driver software is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of the device...
Samsung Mobile Device Code Issue Vulnerability (CNVD-2020-33712)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices have a code issue vulnerability that can be exploited by attackers to compromise integrity...
CVE-2019-10925
A vulnerability has been identified in SIMATIC MV400 family All Versions V7.0.6. An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited by an attacker with network access to the device. Val...
Design/Logic Flaw
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability...
CVE-2019-5243
CVE-2019-5243 relates to a clickjacking vulnerability in Huawei HG255s wireless router. The vulnerability allows an attacker to coerce a user into clicking a hidden or obscured element, potentially compromising the device’s integrity. The initial description and connected documents consistently r...
CVE-2018-15423
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...
Cisco HyperFlex UI Clickjacking Vulnerability
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...
Biosense Webster Carto 3 System Vulnerabilities
1. EXECUTIVE SUMMARY Biosense Webster Inc. BWI, a Johnson & Johnson company, has produced a software update that applies operating system patches and anti-virus signature updates to close known vulnerabilities in the operating system of the CARTO 3 System, a 3D cardiovascular mapping platform...