41 matches found
EUVD-2021-0096
Malware in sbrugna...
EUVD-2024-1663
Malicious code in bioql PyPI...
CVE-2023-39854
The web interface of ATX Ucrypt through 3.5 allows authenticated users or attackers using default credentials for the admin, master, or user account to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF...
CVE-2020-36245
GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network...
CVE-2020-28993
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request...
CVE-2024-34360
go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activation transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...
CVE-2024-34360 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
go-spacemesh is a Go implementation of the Spacemesh protocol full node. Nodes can publish activation transactions (ATXs) which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an...
CVE-2024-34360
CVE-2024-34360 affects go-spacemesh (Spacemesh full-node implementation). The issue is that ATXs can reference an incorrect previous ATX instead of the latest, breaking the protocol’s single-chain requirement from newest to oldest ATX by an identity. This can enable an attack vector where nodes m...
GHSA-JCQQ-G64V-GCM7 Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Impact Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous break...
PT-2024-25818 · Unknown · Spacemesh Api +1
Name of the Vulnerable Software and Affected Versions: go-spacemesh versions prior to 1.5.2-hotfix1 Spacemesh API versions prior to 1.37.1 Description: The issue allows nodes to publish activation transactions (ATXs) that reference an incorrect previous ATX of the Smesher that created the ATX. Thi...
Default credentials
The web interface of ATX Ucrypt through 3.5 allows authenticated users or attackers using default credentials for the admin, master, or user account to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF...
PT-2023-27137 · Unknown · Atx Ucrypt
Name of the Vulnerable Software and Affected Versions: ATX Ucrypt versions 3.5 and earlier Description: The web interface of ATX Ucrypt allows authenticated users, or attackers using default credentials for the admin, master, or user account, to include files via a URL in the "/hydra/view/get cc...
ATX Ucrypt Code Issue Vulnerability
ATX Ucrypt is a series of media distribution gateways over IP Q2IP from ATX America, Inc. It is designed to provide reliable and secure HD or SD programming to hotels or other commercial venues. A security vulnerability exists in ATX Ucrypt 3.5 and prior versions, which stems from the presence of...
CVE-2023-39854
CVE-2023-39854 affects ATX Ucrypt 3.5 and earlier. The vulnerability allows authenticated users, or attackers using default admin/master/user credentials, to include files via the /hydra/view/get_cc_url parameter, enabling Server-Side Request Forgery (SSRF). Multiple sources (Red Hat, NVD, CNNVD,...