12 matches found
GL-iNet Comet 安全漏洞
GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of certificate verification during the initialization process when connecting to the GL-iNet site. This vulnerabili...
GHSA-XG2Q-62G2-CVCM Tinyauth's OIDC authorization codes are not bound to client on token exchange
Summary The OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their own client credentials, obtaining tokens for users who never...
Observable Timing Discrepancy
Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...
CVE-2019-20428
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldlrequestcancel function mishandles a large lockcount parameter...
Hospital Management System Cross-Site Scripting Vulnerability
Hospity is a cloud-based software for EMR maintenance in hospitals, clinics, labs, and pharmacies. A cross-site scripting vulnerability exists in Hospital Management System version 4.0, which stems from a lack of proper validation of client-side data in the WEB application and can be exploited by...
Nippon Telegraph and Telephone Hikari Denwa Phone Home Gateway Cross-Site Scripting Vulnerability
Nippon Telegraph and Telephone Hikari Denwa Phone Home Gateway is an IP telephony service from Nippon Telegraph and Telephone for its fiber optic service subscribers. A cross-site scripting vulnerability exists in Nippon Telegraph and Telephone Hikari Denwa Phone Home Gateway. The vulnerability...
Security Bulletin: IBM WebSphere MQ Invalid client protocol flows could cause denial of service (CVE-2016-0379)
Summary An invalid MQ client protocol flow could cause a memory access violation on the server which could impact other channels running in the same process. Vulnerability Details CVEID: CVE-2016-0379 DESCRIPTION: IBM WebSphere MQ could allow an authenticated user with queue manager rights to cau...
UBUNTU-CVE-2014-3971
The CmdAuthenticate::authenticateX509 function in db/commands/authenticationcommands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service daemon crash by attempting authentication with an invalid X.509 client certificate...
ICCP Invalid Client Disconnect (SCADA)
Binary data 6254.prm...
CVE-2007-5965
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user...
Design/Logic Flaw
Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service agent process crash via invalid data from clients other than Cosminexus Manager...
CVE-2007-0009
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...