22 matches found
SAMSUNG GalaxyDiagnostics 安全漏洞
Samsung GalaxyDiagnostics is a set of self-service hardware testing tools developed by South Korean company Samsung. Previous versions of Samsung GalaxyDiagnostics, such as 3.5.050, contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow...
EUVD-2024-29736
Malicious code in bioql PyPI...
Malicious Package
Overview ipp-auth-service-tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
MAL-2025-6099 Malicious code in ipp-auth-service-tools (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b42b5695779161ac5d3618b146cd263b9f17a9c1fe517abd5efff7b3ecdc97 Any computer that has this package installed or running should be considered...
CVE-2024-10444
Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager DSM before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2024-48966 Life2000 service tools for test and calibration do not support user authentication
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedde...
CVE-2024-48966 Life2000 service tools for test and calibration do not support user authentication
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedde...
CVE-2024-31878
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server SST is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538...
CVE-2024-31878
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server SST is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538...
CVE-2024-31878
IBM i Service Tools Server (SST) on IBM i versions 7.2–7.5 is affected by a vulnerability that allows remote user enumeration, enabling an attacker to gather SST user information for targeted attacks. Root cause: SST user profile enumeration via SST endpoints. Impact is listed as confidentiality ...
IBM i Code Issues Vulnerabilities
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A code issue vulnerability exists in IBM I versions 7.2, 7.3, 7.4, and 7.5, which stems from the vulnerability of Service Tools Server SST to SST user enumeration attac...
Half-Year in Review: Recapping the top threats and security trends so far in 2023
From new ransomware groups, a growing mercenary space, espionage campaigns, supply chain attacks, and new "as a service" tools popping up, theres a lot to talk about already in the first half of 2023. Here are the main threats weve covered on our blog up until the end of June 2023. The timeline i...
@questwork/authenticator (>=0.1.0 <=0.1.5), @questwork/qw-service-tools (>=0.0.8 <=0.1.4) +22 more potentially affected by CVE-2021-23561 via comb (>=0.0.6 <=2.0.0)
comb NPM version =0.0.6, =0.1.0, =0.0.8, =0.0.1, =1.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-23561 Source advisory: SNYK:JS-COMB-1730083...
CVE-2018-11064
Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools that might result ...
CVE-2018-8836
Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port...
WAGO 750 Series Denial of Service Vulnerability
The 750-880, 750-881, and 750-852 are Ethernet switches of the WAGO 750 series. A denial-of-service vulnerability exists in the WAGO 750 series, which can be exploited by remote attacks to cause a denial-of-service condition for communication with debug and service tools...
CVE-2017-16687
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username ...
CVE-2002-1134
Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES 4.0 Service Pack 5 allows local users to read privileged files...
[security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP OpenVMS, Windows) Potential File Access Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SECURITY BULLETIN SSRT2362 WEBES Service Tools HP Tru64 UNIX, HP OpenVMS, Windows Potential File Access Vulnerability REVISION: 0 ------------------------------------------------------------ NOTICE: There are no restrictions for distribution of this...