
196 matches found

OSV
added 2022/12/07 10:15 a.m. · 0 views

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

6.8 CVSS · 6 AI score · 0.00142 EPSS
Exploits 0 · References 2
NVD
added 2022/12/07 10:15 a.m. · 11 views

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

6.8 CVSS · 0.00142 EPSS
Exploits 0 · References 2
Prion
added 2022/12/07 10:15 a.m. · 7 views

Denial of service

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

4.7 CVSS · 6.9 AI score · 0.00142 EPSS
Exploits 0 · References 2 · Affected Software 54
Prion
added 2022/12/07 4:15 a.m. · 8 views

Command injection

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

6.5 CVSS · 8.5 AI score · 0.00816 EPSS
Exploits 0 · References 2 · Affected Software 3
Positive Technologies
added 2022/12/07 12:00 a.m. · 2 views

PT-2022-26928 · Unknown · Udr-Ja1608 +2

Name of the Vulnerable Software and Affected Versions: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier Description: The issue allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. This is due to a...

8.8 CVSS · 8.6 AI score · 0.00816 EPSS
Exploits 0 · References 5
Cvelist
added 2022/12/07 12:00 a.m. · 9 views

CVE-2022-39044

Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...

7 AI score · 0.00142 EPSS
Exploits 0 · References 2
Japan Vulnerability Notes
added 2022/12/02 5:57 a.m. · 2 views

Multiple vulnerabilities in UNIMO Technology digital video recorders

Overview Multiple digital video recorders provided by UNIMO Technology Co., Ltd contain multiple vulnerabilities listed below. Improper Authentication CWE-287 - CVE-2022-44620 OS Command Injection CWE-78 - CVE-2022-44606 Hidden Functionality CWE-912 - CVE-2022-43464 The reporter states that attac...

8.8 CVSS · 7.8 AI score · 0.02225 EPSS
Exploits 0 · References 11
OSV
added 2022/11/23 3:49 p.m. · 1 views

GHSA-8JH9-WQPF-Q52C sweetalert2 v8.19.1 and above contains hidden functionality

sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1. Workaround Users who a...

5.9 AI score
Exploits 0 · References 4
OSV
added 2022/11/23 3:44 p.m. · 3 views

GHSA-PG98-6V7F-2XFV sweetalert2 v9.17.4 and above contains hidden functionality

sweetalert2 versions 9.17.4 and up until 10.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 9.0.0 - 9.17.3. Workaround Users wh...

5.9 AI score
Exploits 0 · References 3
Github Security Blog
added 2022/11/23 3:39 p.m. · 30 views

sweetalert2 v10.16.10 and above contains hidden functionality

sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9. Workaround Use ...

3.5 AI score
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/11/23 3:39 p.m. · 3 views

GHSA-457R-CQC8-9VJ9 sweetalert2 v10.16.10 and above contains hidden functionality

sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9. Workaround Use ...

5.9 AI score
Exploits 0 · References 3
OSV
added 2022/11/23 3:26 p.m. · 0 views

GHSA-QQ6H-5G6J-Q3CM sweetalert2 v11.4.9 and above contains hidden functionality

sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8. Workaround Use a version...

5.9 AI score
Exploits 0 · References 3
Positive Technologies
added 2022/11/23 12:00 a.m. · 2 views

PT-2022-28188 · Unknown · Sweetalert2

Name of the Vulnerable Software and Affected Versions: sweetalert2 versions 10.16.10 through 11.0.0 Description: The issue concerns hidden functionality introduced by the maintainer, causing the package to output audio and/or video messages unrelated to its intended functionality. Recommendations...

7.2 AI score
Exploits 0 · References 4
Prion
added 2022/11/02 12:15 p.m. · 12 views

Command injection

A hidden functionality vulnerability CWE-1242 in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command...

4 CVSS · 6.3 AI score · 0.00052 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2022/10/21 12:30 p.m. · 14 views

CVE-2022-3203 ORing net IAP-420(+) Hidden Functionality

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

9.8 CVSS · 9.7 AI score · 0.00372 EPSS
Exploits 1 · References 1
Japan Vulnerability Notes
added 2022/10/05 8:44 a.m. · 1 views

Multiple vulnerabilities in Buffalo network devices

Overview Multiple network devices provided by Buffalo Inc. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-39044 Use of Hard-coded Credentials CWE-798 - CVE-2022-34840 Authentication Bypass CWE-288 - CVE-2022-4096 Chuya Hayakawa of 00One, Inc. reported these...

8.8 CVSS · 7.7 AI score · 0.09436 EPSS
Exploits 1 · References 11
Positive Technologies
added 2022/09/20 12:00 a.m. · 2 views

PT-2022-6337 · Unknown · Mklogic-500

Name of the Vulnerable Software and Affected Versions: MKLogic-500 affected versions not specified Description: The issue is related to the presence of hidden functionality, specifically SSH access, in the MKLogic-500. This could allow a remote attacker to gain full control over the device...

9 CVSS · 7.2 AI score
Exploits 0 · References 2
Japan Vulnerability Notes
added 2022/09/02 9:08 a.m. · 2 views

Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series

Overview FLEXLAN FX3000 and FX2000 series provided by Contec Co., Ltd. contain multiple vulnerabilities listed below. Hidden Functionality CWE-912 - CVE-2022-36158 Use of Hard-coded Credentials CWE-798 - CVE-2022-36159 Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these...

8.8 CVSS · 7.5 AI score · 0.00495 EPSS
Exploits 2 · References 10
OSV
added 2022/03/16 11:54 p.m. · 20 views

GHSA-8GR3-2GJW-JJ7G Hidden functionality in node-ipc

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions 9.2.2...

6.9 AI score
Exploits 0 · References 2
Github Security Blog
added 2022/03/16 11:54 p.m. · 31 views

Hidden functionality in node-ipc

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions 9.2.2...

3.5 AI score
Exploits 0 · References 2 · Affected Software 1