Lucene search
14 matches found

Cvelist
added 2026/04/21 8:36 p.m., 30 views

CVE-2026-6823 HKUDS OpenHarness Insecure Default Remote Channel Allowlist

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

CVSS 8.3, EPSS 0.00233
Exploits: 1, References: 4
CVE
added 2026/04/21 8:36 p.m., 3 views

CVE-2026-6823

HKUDS OpenHarness (pre-PR #147) contains an insecure default remote-channel allowlist where allow_from = ["*"] lets remote senders pass admission checks, enabling attackers to bypass access controls and reach host-backed agent runtimes over the network. This can lead to unauthorized file disclosu...

CVSS 8.3, AI score 5.9, EPSS 0.00233
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/04/21 8:36 p.m., 1 view

CVE-2026-6823 HKUDS OpenHarness Insecure Default Remote Channel Allowlist

HKUDS OpenHarness prior to PR 147 remediation contains an insecure default configuration vulnerability where remote channels inherit allowfrom = "" permitting arbitrary remote senders to pass admission checks. Attackers who can reach the configured channel can bypass access controls and reach...

CVSS 8.3, AI score 5.9, EPSS 0.00233
Exploits: 1, References: 4
CNNVD
added 2026/04/21 12:0 a.m., 3 views

OpenHarness security vulnerability

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open sourced by HKU. Versions prior to OpenHarness PR 147 contained security vulnerabilities. These vulnerabilities stemmed from an unsafe default configuration in the remote channel, where allowfrom =...

CVSS 8.3, AI score 6, EPSS 0.00233
Exploits: 1, References: 1
ATTACKERKB
added 2026/04/14 9:21 p.m., 1 view

CVE-2026-39906

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

CVSS 7, AI score 5.8, EPSS 0.00094
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-55014

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.8, EPSS 0.00183
Exploits: 2, References: 3
RedhatCVE
added 2025/09/14 12:10 a.m., 5 views

CVE-2024-45431

OpenSynergy BlueSDK aka Blue SDK through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID CID. An attacker can leverage this to create an L2CAP channel with the null...

CVSS 5.3, AI score 7, EPSS 0.00183
Exploits: 2, References: 1
NVD
added 2025/09/12 5:15 p.m., 3 views

CVE-2024-45431

OpenSynergy BlueSDK aka Blue SDK through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID CID. An attacker can leverage this to create an L2CAP channel with the null...

CVSS 5.3, EPSS 0.00183
Exploits: 2, References: 2
OSV
added 2025/09/12 5:15 p.m., 0 views

CVE-2024-45431

OpenSynergy BlueSDK aka Blue SDK through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID CID. An attacker can leverage this to create an L2CAP channel with the null...

CVSS 5.3, AI score 5.8, EPSS 0.00183
Exploits: 2, References: 2
CVE
added 2025/09/12 12:0 a.m., 19 views

CVE-2024-45431

OpenSynergy BlueSDK (Blue SDK) before and including version 6.x contains an Improper Input Validation flaw in the Bluetooth stack: the remote L2CAP channel ID (CID) is not properly validated, allowing an L2CAP channel to be created with a null remote CID. This has been described in multiple sourc...

CVSS 5.3, AI score 6.9, EPSS 0.00183
Exploits: 2, References: 2, Affected Software: 1
Vulnrichment
added 2025/09/12 12:0 a.m., 6 views

CVE-2024-45431

OpenSynergy BlueSDK aka Blue SDK through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID CID. An attacker can leverage this to create an L2CAP channel with the null...

AI score 6.8, EPSS 0.00183
Exploits: 2, References: 2
Cvelist
added 2025/09/12 12:0 a.m., 5 views

CVE-2024-45431

OpenSynergy BlueSDK aka Blue SDK through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID CID. An attacker can leverage this to create an L2CAP channel with the null...

EPSS 0.00183
Exploits: 2, References: 2
CNNVD
added 2025/09/12 12:0 a.m., 1 view

OpenSynergy BlueSDK security vulnerability

OpenSynergy BlueSDK is a Bluetooth stack from OpenSynergy, Germany. A security vulnerability exists in OpenSynergy BlueSDK 6.x and prior versions that stems from the BlueSDK Bluetooth stack not properly validating the remote L2CAP channel ID, which could result in the creation of an L2CAP channel...

CVSS 5.3, AI score 6.9, EPSS 0.00183
Exploits: 2, References: 3
Cvelist
added 2024/08/01 2:5 p.m., 21 views

CVE-2024-39837 Malicious remote can create arbitrary channels

Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled...

CVSS 3.8, EPSS 0.00297
Exploits: 0, References: 1