6680 matches found
Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post. Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIAs graphics cards. The driver is vulnerable to memory corruption if an adversary sends...
Command injection
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...
CVE-2023-40158
CVE-2023-40158 describes a hidden functionality vulnerability in CBC products that allows a remote authenticated attacker to execute arbitrary OS commands on the device or alter its settings. Affected series include NR4H/NR8H/NR16H and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41; these ar...
CVE-2023-40158
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...
CVE-2023-40158
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...
Multiple vulnerabilities in CBC digital video recorders
Overview Digital video recorders provided by CBC Co.,Ltd. contain multiple vulnerabilities listed below. Improper authentication CWE-287 - CVE-2023-38585 OS command injection CWE-78 - CVE-2023-40144 Hidden functionality CWE-912 - CVE-2023-40158 Yoshiki Mori, Ushimaru Hayato, Hiromu Kubiura and...
CVE-2023-39445
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console...
CVE-2023-38576
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console...
CVE-2023-32626
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...
Design/Logic Flaw
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console...
Design/Logic Flaw
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...
Denial of service
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions,...
Design/Logic Flaw
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console...
CVE-2023-39445
The CVE-2023-39445 entry concerns ELECOM/LOGITEC LAN-WH300N/RE devices. A hidden functionality vulnerability allows an unauthenticated attacker to execute arbitrary code by delivering a specially crafted file to a management console. Affected platform: LAN-WH300N/RE (LOGITEC) across all versions....
CVE-2023-39445
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console...
CVE-2023-38576
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console...
CVE-2023-35991
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions,...
CVE-2023-32626
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands...
Directory traversal
Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code...
Insufficient access control in the export functionality for the 'Groups' module exposing user password hashes
Description The web application incorrectly returns sensitive data to authenticated lower privileged users when making requests to export data from the 'Groups' module. This includes information such as the user's email address, password hash and whether two-factor authentication is configured...