154 matches found
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12394)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12394 advisory. - An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x8664 lacks consistency checks for CR0 and CR4...
Cisco Secure Workload 安全漏洞
Cisco Secure Workload is a software from Cisco that allows users to install software agents on their application workloads. A security vulnerability exists in the Cisco Secure Workload OpenAPI, which can be exploited by remote attackers to submit a special request that can be used to perform...
Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-6149-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6149-1 advisory. Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests,...
Amazon Linux AMI : kernel (ALAS-2023-1750)
The version of kernel installed on the remote host is prior to 4.14.314-164.539. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1750 advisory. In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to...
Hitron Technologies CODA 访问控制错误漏洞
Hitron Technologies CODA is a wireless router from Hitron Technologies China. An access control error vulnerability exists in Hitron Technologies CODA version 7.2.4.7.1b3, which stems from an insufficient authentication issue in the system configuration interface. An attacker could exploit this...
CVE-2023-25946
Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...
Use-After-Free
linux-lts is vulnerable to Use-After-Free. The vulnerability occurs within the netfilter 'nftables' when processing batch requests. This can be abused and used to perform arbitrary read and write operations on to the kernel memory...
CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...
CVE-2023-28697
CVE-2023-28697 affects Moxa MiiNePort E1 embedded module. The issue is insufficient access control, allowing an unauthenticated remote user to perform arbitrary system operations or disrupt service. Root cause and impacted details are described across multiple sources (NVD/CNVD/CVE records, CNVD,...
Cross site request forgery (csrf)
UNSUPPORTED WHEN ASSIGNED Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page...
CVE-2023-22375
Cross-site request forgery CSRF vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability...
ZTE ZXA10 C3XX 安全漏洞
ZTE ZXA10 C3XX is a series of optical access aggregation equipment with EPON/GPON function from China ZTE Corporation ZTE. An access control error vulnerability exists in the ZTE ZXA10 C3XX version 2.1.0 and later, before 2.1.0xgp002.4. The vulnerability stems from improper access control setting...
PT-2022-24712 · Zte · Zte Pon Olt
Name of the Vulnerable Software and Affected Versions: ZTE PON OLT products affected versions not specified Description: The issue is related to improper access control settings in ZTE PON OLT products, allowing remote attackers to log in to the device and execute any operation. Recommendations: ...
Arbitrary file deletion
The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol 4000/TCP, 5000/TCP for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...
JVN#46892984: Multiple vulnerabilities in Rakuten Casa
Rakuten Casa provided by Rakuten Mobile, Inc. contains multiple vulnerabilities listed below. Use of Hard-coded Credentials CWE-798 - CVE-2022-29525 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N| Base Score: 5.9 CVSS v2| AV:N/AC:M/Au:N/C:C/I:N/A:N| Base...
CVE-2022-29518
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 seriesGC-A22W-CW, GC-A24W-CW, GC-A26W-CW, GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2, and Real time remote monitoring and contr...
CVE-2022-29518
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 seriesGC-A22W-CW, GC-A24W-CW, GC-A26W-CW, GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2, and Real time remote monitoring and contr...
PT-2022-19674 · Unknown +1 · Hmi Gc-A2 Series +2
Name of the Vulnerable Software and Affected Versions: Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01 HMI GC-A2 series versions including GC-A22W-CW, GC-A24W-CW, GC-A26W-CW, GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2 Real time remote monitoring and control tool Remote GC...
ASUS RT-AC56U Heap Buffer Overflow Vulnerability
The ASUS RT-AC56U is a dual-band Wi-Fi router from ASUS China. A security vulnerability exists in the ASUS RT-AC56U, which originates from an insufficient validation of the decryption parameter length, and allows an attacker to execute arbitrary code, arbitrary operations, and interrupt services...
ASUS RT-AX56U Stack Buffer Overflow Vulnerability
The ASUS RT-AX56U is a wireless router from ASUS of Taiwan, China. The ASUS RT-AX56U suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code, perform arbitrary operations, or interrupt services...