6176 matches found
Crypt-Server Cross-Site Scripting Vulnerability
Crypt-Server is a Django web application by Graham Gilbert, an individual developer in the United States. It is used to host file library keys sent by the Crypt client application. A security vulnerability exists in Crypt-Server versions prior to 3.3.0, which stems from allowing the use of XSS in...
A vulnerability in the SecureBackDoor driver in the firmware of Lenovo laptops allows an attacker to inject malicious code into the SPI flash memory.
The vulnerability in the SecureBackDoor driver in Lenovo notebook BIOS firmware lies in the ability to alter the firmware's protection zone by editing the NVRAM variable. Exploiting this vulnerability allows an attacker to inject malicious code into the SPI flash memory...
Slackware: Security Advisory (SSA:2009-111-02)
The remote host is missing an update for the...
CVE-2022-28779
Uncontrolled search path element vulnerability in the Samsung Android USB Driver Windows installer program prior to version 1.7.50 allows an attacker to execute arbitrary code...
CVE-2022-0947
A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration...
Input Validation Error Vulnerability in Multiple MediaTek Products
MediaTek chips are a range of chips from the Chinese company MediaTek. A security vulnerability exists in multiple MediaTek products that originates from an integer overflow in the preloader (usb), which may result in out-of-bounds writes...
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
...
CVE-2021-42324
An issue was discovered on DCN Digital China Networks S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell...
CVE-2022-28376
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone knowing the device's serial number to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password for the verizon username is calculated by concatenating the serial number and the model i.e., the LVSKIHP string...
Design/Logic Flaw
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone knowing the device's serial number to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password for the verizon username is calculated by concatenating the serial number and the model i.e., the LVSKIHP string...
PT-2022-18985 · Verizon · Verizon 5G Home
Name of the Vulnerable Software and Affected Versions: Verizon 5G Home LVSKIHP outside devices through 2022-02-15 Description: The issue allows anyone with knowledge of the device's serial number to access a CPE admin website, for example, at the "10.0.0.1" IP address. The password for the verizo...
Schneider Electric ConneXium Network Manager Software Security Vulnerability
Schneider Electric ConneXium Network Manager Software (CNM) is industrial Ethernet network management software from Schneider Electric of France. A security vulnerability exists in the Schneider Electric ConneXium Network Manager Software. An attacker with physical access could...
Verizon LVSKIHP 5G Authorization Issue Vulnerability
The Verizon LVSKIHP 5G is a 5G Internet gateway from Verizon USA. A security vulnerability exists in the Verizon LVSKIHP 5G external device in versions prior to 2022-02-15, which allows an attacker who knows the serial number of the device to access the CPE management website, such as the 10.0.0....
CVE-2021-32976 Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code...
CVE-2021-32970 Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions...
CVE-2022-0331
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...
Information disclosure
An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older...