Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]
Earlier this year, Rapid7 researchers undertook a project to analyze managed file transfer applications, due to the number of recent...
Globalscape Enhanced File Transfer Security Vulnerability
Globalscape Enhanced File Transfer (Globalscape EFT) is a best-in-class Managed File Transfer (MFT) solution from Globalscape (USA). A security vulnerability exists in Globalscape Enhanced File Transfer prior to version 8.1.0.16, which stems from an information disclosure vulnerability that could...
DEBIAN-CVE-2023-35828
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c...
Volkswagen Discover Media Infotainment System Code Issue Vulnerability
The Volkswagen Discover Media Infotainment System is an in-car media navigation system from Volkswagen (Germany). A security vulnerability exists in Volkswagen Discover Media Infotainment System version 0876, which stems from a lack of exception handling. An attacker could cause a denial of service...
PT-2023-24988 · Volkswagen · Volkswagen Discover Media Infotainment System
Name of the Vulnerable Software and Affected Versions: Volkswagen Discover Media Infotainment System Software version 0876. Description: A lack of exception handling in the software allows attackers to cause a Denial of Service (DoS) by supplying crafted media files when connecting a device to the...
CVE-2023-33921
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login interface. An attacker with direct physical access could try to brute-force or crack the root password to...
PT-2023-24820 · American Megatrends · Ami Bmc
Name of the Vulnerable Software and Affected Versions: AMI BMC (affected versions not specified). Description: The issue concerns a vulnerability in the IPMI handler of AMI BMC, allowing an unauthenticated host to write to a host SPI flash and bypass secure boot protections. This could lead to a los...
PT-2023-9234 · U-Boot · U-Boot
Name of the Vulnerable Software and Affected Versions: u-boot (affected versions not specified). Description: The issue is related to a bug in u-boot that allows for access to the u-boot shell and interrupt over UART. This is caused by a buffer overflow in memory. An attacker could exploit this to...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets that results in a denial of service due to the dereference of an untrusted pointer in the core when sending USB QMI requests...
PT-2023-13817 · Qualcomm · Snapdragon +110
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service (DoS) caused by an untrusted pointer dereference in the core when sending a USB QMI request...
Honeywell OneWireless OS Command Injection Vulnerability
Honeywell OneWireless is an industrial wireless mesh network from Honeywell that can simultaneously support ISA100 Wireless (IEC 62734), WirelessHART (IEC 62591) field instruments (transmitters, actuators, etc.), Wi-Fi devices and Ethernet/IP-based devices. A security vulnerability exists in Honeywell...
A vulnerability in the fusbhub.sys library in software for remote connection and control of Flexihub USB devices allows an attacker to cause a service failure.
A vulnerability in the fusbhub.sys library in software for remote connection and control of USB devices, such as Flexihub, is related to pointer swapping errors. Exploiting this vulnerability can allow attackers to cause service failures...
CVE-2023-2587
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
Cross site scripting
Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger...
CVE-2023-32347
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...
CVE-2023-32346
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether th...
Information disclosure
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether th...
CVE-2023-2587
Teltonika RMS (Remote Management System) and its RUT routers are affected by multiple CVEs (CVE-2023-32346, -32347, -32348, -32349, -32350, -2587, -2586, -2588) due to XSS, improper authentication, SSRF, OS command injection, and exposed configuration. RMS pre-4.10.0 and RMS pre-4.14.0 (for -2586...