58 matches found
@amazingcat/amazing-iohook (>=8.2.3 <=8.3.3), @donmahallem/trapeze-client-desktop (=5.1.1) +15 more potentially affected by CVE-2020-15174 via electron (>=8.0.0-beta.1 <=8.5.0)
electron NPM version =8.0.0-beta.1, =8.2.3, =8.0.0, =0.1.0, =4.0.0-beta.1, =1.0.1, =1.7.0, =1.0.3, =1.0.5, =0.0.1, =1.1.35, =1.1.51 and more Source cves: CVE-2020-15174 Source advisory: OSV:GHSA-2Q4G-W47C-4674...
Connected Home Hubs Open Houses to Full Remote Takeover
Three different connected home hubs – Fibaro Home Center Lite, Homematic Central Control Unit CCU2 and Elko’s eLAN-RF-003 – are vulnerable in their older versions to serious bugs that would allow information disclosure, man-in-the-middle MiTM attacks and unauthenticated remote code execution RCE,...
ELAN Smart-Pad 11.10.15.1 - (ETDService) Unquoted Service Path Vulnerability
Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze PoC : ============== C:\Users\ZwXsc qc ETDService SC QueryServiceConfig réussites...
ELAN Smart-Pad 11.10.15.1 Unquoted Service Path
Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-02-05 Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze PoC : ============== C:\Users\ZwXsc qc ETDService SC...
ELAN Smart-Pad 11.10.15.1 - ETDService Unquoted Service Path
ELAN Smart-Pad 11.10.15.1 - ETDService Unquoted Service Path Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-02-05 Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze P...
ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-02-05 Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze PoC : ============== C:\Users\ZwXsc qc ETDService SC...
Emerson 396359-25-6 ControlWave CPU module Detection
Binary data 756535.prm...
Emerson 396359-32-9 ControlWave CPU module Detection
Binary data 756536.prm...
Emerson 396359-26-4 ControlWave CPU module Detection
Binary data 756534.prm...
Fedora 23 : kernel-4.3.4-300.fc23 (2016-2f25d12c51)
Update to latest upstream stable release, Linux v4.3.4. Fixes for Elan touchpads. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
openSUSE Security Update : the Linux Kernel (openSUSE-2015-301)
The Linux kernel was updated to fix various bugs and security issues. Following security issues were fixed : - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the Linux kernels madvise MADVWILLNEED functionality handled page table locking. A local, unprivileged user could have...
Siemens Update on Heartbleed Patches in ICS, SCADA
Industrial control equipment manufacturer Siemens has produced a security update that mitigates the OpenSSL Heartbleed vulnerability in its eLAN systems and now its WinCC OA supervisory control and data acquisition SCADA software as well. The company is continuing to work on patches to resolve th...
ICS-CERT Warns of Heartbleed Vulnerabilities in Siemens Gear
A number of ICS products from Siemens and Innominate are vulnerable to the OpenSSL heartbleed flaw, some of which do not have updates available yet. The list of products affected by the heartbleed vulnerability continues to grow by the day, with OpenVPN being one of the latest. A researcher on...
Siemens Industrial Products OpenSSL Heartbleed Vulnerability (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-14-105-03A Siemens Industrial Products OpenSSL Heartbleed Vulnerability that was published April 29, 2014, on the NCCIC/ICS-CERT web site. Siemens reported to ICS-CERT a list of products affected by the OpenSSL...
Code injection
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service telephony application outage...
CVE-2007-5591
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service telephony application outage...
CVE-2007-5591
The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M Chassis/Cabinet, Enterprise VoIP-Core-CS 1000E and 1000S, Meridian-Core-Option 11C Chassis and Cabinet, and Meridian-Core-Option 51C, 61C, and 81C allows remote attackers to cause a denial of service telephony application outage...
CVE-2007-5591
Technical details about CVE-2007-5591 are not provided in the supplied documents. Monitor for updates from NVD and vendor advisories for any concrete affected products, impact, or fixes.