71 matches found
CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...
CVE-2024-3913 Phoenix Contact: Start sequence allows attack during the boot process
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup...
CVE-2024-3913
CVE-2024-3913 affects Phoenix Contact CHARX SEC-3100. An unauthenticated remote attacker can change device configuration via a file that is writable for a short window after system startup. Public details identify the product and the timing window; no fix/version is provided in the connected sour...
Provisioning Services Boot Process Diagram
...
Cisco Catalyst 9200 Series Switch Data Forgery Issue Vulnerability
Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...
CVE-2022-39000
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup...
CVE-2022-39000
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup...
CVE-2022-39000
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup...
CVE-2022-39000
CVE-2022-39000 affects Huawei HarmonyOS iAware module. The vulnerability allows malicious apps to automatically start at system startup, with a CVSS v3.1 base score of 9.8 (Network attack, Low complexity, No privileges or user interaction required; impacts Confidentiality, Integrity, Availability...
Ubuntu: Security Advisory (USN-81-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Hardcoded credentials
A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...
CVE-2022-22144
A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this...
TCL LinkHub Mesh Wifi libcommonprod.so prod_change_root_passwd hard-coded password vulnerability
Talos Vulnerability Report TALOS-2022-1459 TCL LinkHub Mesh Wifi libcommonprod.so prodchangerootpasswd hard-coded password vulnerability August 1, 2022 CVE Number CVE-2022-22144 SUMMARY A hard-coded password vulnerability exists in the libcommonprod.so prodchangerootpasswd functionality of TCL...
Improper access control
A vulnerability in Mitel 6900 Series IP MiNet phones excluding 6970, versions 1.8 1.8.0.12 and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploi...
Siemens Nucleus ReadyStart Type Obfuscation Vulnerability
Siemens Nucleus ReadyStart is a bundled solution from Siemens, Germany. It is used to accelerate the fast startup of complete systems and provides a rich set of board support packages Bsp. A security vulnerability exists in Siemens Nucleus ReadyStart, which originates from an ICMP echo packet wit...
The vulnerability of Kaspersky Endpoint Security’s antivirus protection for Windows involves errors during path restriction for restricted access directories. This allows a malicious user to trigger a service failure when loading the operating system.
The vulnerability of Kaspersky Endpoint Security for Windows relates to errors during path limitation for restricted access directories. Exploiting this vulnerability can allow a malicious actor to cause a service failure when the operating system is loaded...
SUSE: Security Advisory (SUSE-SU-2019:0137-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cisco IOS XE OS Command Injection Vulnerability
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An OS command injection vulnerability exists in ROMMON of Cisco IOS XE. The vulnerability stems from incorrect validation of specific function parameters passed to the startup...
CVE-2021-1449
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploi...