317 matches found
PT-2022-5531 · D Link · D-Link Dir-1935
Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can b...
8x8: LFI via Jolokia at https://█.█.█.█:1293
@shuvam321 reported to us a single exposed host in the acceptance environment. The report demonstrated a Local File Inclusion via Jolokia, e.g.: https://█.█.█.█:1293/actuator/jolokia/exec/com.sun.management:type=DiagnosticCommand/compilerDirectivesAdd/!/etc!/hostname No sensitive information has...
Advantech iView saveEditDeviceValues SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens on TCP port 8080 by default. When...
Advantech iView updatePROMFile ipaddress SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the NetworkServlet endpoint,...
CVE-2022-28895
A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...
D-Link DIR882 Operating System Command Injection Vulnerability
The D-Link DIR882 is a dual-band wireless router from China-based AUO D-Link. The D-Link DIR882 DIR882A1FW130B06 firmware version suffers from an operating system command injection vulnerability that stems from a command injection issue in the component /setnetworksettings/IPAddress. An attacker...
63.32.217.136 Improper Access Control vulnerability OBB-2443207
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mageia: Security Advisory (MGASA-2020-0343)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2015-0460)
The remote host is missing an update for the...
Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2021-4162)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4162 advisory. - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are...
CentOS 8 : python39:3.9 and python39-devel:3.9 (CESA-2021:4160)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4160 advisory. - python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-28957 - python-ipaddress: Improper input validation ...
python-ipaddress: Improper input validation of octal strings
A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...
python-ipaddress: Improper input validation of octal strings
A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...
RLSA-2021:4160 Moderate: python39:3.9 and python39-devel:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
USN-4973-2 python3.8 vulnerability
USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: 1928057. This update fixes the problem. Original advisory details: It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker...
Ubuntu 20.04 LTS : Python vulnerability (USN-4973-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4973-2 advisory. USN-4973-1 fixed this vulnerability previously, but it was re-introduced in python3.8 in focal because of the SRU in LP: 1928057. This update fixes the problem...
Updated python3 packages fix security vulnerability
bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS. bpo-43124...
Python -- multiple vulnerabilities
Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 from 2.2.8 to get the fix for the CVE-2013-0340 "Billion Laughs" vulnerability. This copy is most used on Windows and...
python-ipaddress: Improper input validation of octal strings
A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...
EulerOS 2.0 SP8 : python-ipaddress (EulerOS-SA-2021-2313)
According to the version of the python-ipaddress packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allo...