112 matches found
InHand Networks InRouter302 iburn firmware checks firmware update vulnerability
Summary A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions InHand Network...
ELM : When we click on upgrade and try to browse we get the error : there was an error on processing web request : status code 400 (bad Request ) : Bad Request
Error : there was an error on processing web request : status code 400 bad Request : Bad Request...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities
Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525
Summary IBM Cloud Pak for Integration is vulnerable to Go vulnerability CVE-2021-31525 with details below Vulnerability Details CVEID: CVE-2021-31525 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted header to ReadRequest or...
onlyOwner Role Can Manipulate Price Oracle
Handle leastwood Vulnerability details Impact The V2 LendingController.sol contract incorporates a custom oracle used to fetch the relevant price feeds for token pairs. The onlyOwner role is controlled by a modified timelock contract callable only from a single externally owned account. This role...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary IBM Cloud Pak for Integration is vulnerable to OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450 with details below. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the...
openSUSE 安全漏洞
openSUSE is a set of Linux-based free operating systems and open source community projects by German company SUSE. A security vulnerability exists in openSUSE, which can be exploited by an attacker to bypass restrictions and perform elevation of privilege via inn's inupgrade...
Upgrade CA server from SHA1 to SHA256
The objective of this article is to explain what SHA-1 is and how to upgrade the XM XenMobile server with SHA-1 based Certificate...
CVE-2021-1488
A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...
Input validation
A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...
CVE-2021-1488 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability
A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...
CVE-2021-1488 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 1000 and 2100 Series Appliances Command Injection Vulnerability
A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...
PT-2021-2834 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the upgrade process could allow an authenticated, local attacker to inject commands...
Multiple Cisco Products Data Forgery Issue Vulnerabilities
The Cisco 8000 Series Router and the Cisco Network Convergence System 540 Series Routers are both router devices from Cisco USA. A data forgery vulnerability exists in Cisco IOS XR on multiple Cisco routers. The vulnerability is due to an unsigned script in the ISO that is verified without...
CVE-2020-3336
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service DoS or gain privileged access to the root filesystem. The vulnerabili...
CVE-2020-3336 Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability
A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service DoS or gain privileged access to the root filesystem. The vulnerabili...
PT-2020-9605 · Red Hat · Openshift Container Platform
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions 3.x Description: A flaw was discovered in the upgrade process of OpenShift Container Platform, specifically when using CRI-O. The issue allows an unprivileged user to escalate their privileges to those...
CVE-2019-16409
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...
CVE-2019-16409
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...
Design/Logic Flaw
In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...