12 matches found
CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications...
CVE-2023-1751
The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which...
Chatwoot authorization issue vulnerability
Chatwoot is an open source customer engagement suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. An authorization issue vulnerability exists in versions prior to Chatwoot 2.4.0 that stems from the presence of a session fixation...
SoftBank Mesh Wi-Fi router RP562B security vulnerability
SoftBank Mesh Wi-Fi router RP562B is a router from SoftBank Japan. A security vulnerability exists in SoftBank Mesh Wi-Fi router RP562B v1.0.2 and earlier versions, which stems from the presence of an issue where sensitive system information is exposed to an unauthorized sphere of control, and an...
CVE-2022-4945
The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud...
CVE-2022-3186
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to...
PT-2022-20960 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022. Description: The affected product allows an attacker to access the device's main management page from the cloud. This feature enables users to remotely connect devices, however, the curre...
CVE-2022-23009
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
MediaTek chip buffer error vulnerability
MediaTek chips are a variety of chips from China's MediaTek. The MediaTek chips contain a security vulnerability that stems from the chips incorrectly handling the IEEE 1905 protocol when running on NETGEAR 21-11-11 device models and other devices...
kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c
An out-of-bounds memory write flaw was found in the Linux kernel HID subsystem in the way a user attaches a USB or other HID device that generates incorrect data inside a HID report field. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...
ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used...
PT-2017-12674 · Siemens · Ruggedcom Ros +4
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROS for RSL910 devices versions prior to 5.0.1; RUGGEDCOM ROS for all other devices versions prior to 4.3.4; SCALANCE XB-200/XC-200/XP-200/XR300-WG versions 3.0 through 3.0.2 excluding 3.0.2; SCALANCE XR-500/XM-400 versions 6.1 through...