187 matches found
Honeywell Saia Burgess PG5 PCD 授权问题漏洞
Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control and Automation ICA devices for implementation and operational automation. A security vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD, which stems from the use of the...
DEBIAN-CVE-2022-2469
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...
PT-2022-7683
Name of the Vulnerable Software and Affected Versions GNU SASL libgsasl affected versions not specified Description The issue is related to a server-side read-out-of-bounds condition in GNU SASL libgsasl, which can be triggered by a malicious authenticated GSS-API client. This could potentially...
DEBIAN-CVE-2021-34431
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker...
UBUNTU-CVE-2021-34431
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker...
Eclipse Mosquitto 安全漏洞
Eclipse Mosquitto is an open source messaging agent software suite from the Eclipse Foundation. A security vulnerability exists in Eclipse Mosquitto version 1.6 through 2.0.10, where a memory leak occurs when an authenticated client sends a carefully crafted CONNECT message to the agent, which ca...
Authorization Bypass
ceph:edge is vulnerable to authorization bypass. ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks...
ALPINE-CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...
CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...
Null pointer dereference
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...
UBUNTU-CVE-2021-28166
In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...
UBUNTU-CVE-2021-26713
A stack-based buffer overflow in resrtpasterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession...
PT-2021-17107 · Sangoma +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions prior to 16.16.1 Sangoma Asterisk versions 17.x prior to 17.9.2 Sangoma Asterisk versions 18.x prior to 18.2.1 Certified Asterisk versions prior to 16.8-cert6 Description: A stack-based buffer overflow in res rtp...
CVE-2020-4590
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650...
CVE-2020-10736
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...
CVE-2020-10736
CVE-2020-10736 affects Ceph 15.2.0 up to, but not including, 15.2.2. The root cause is an authorization bypass in ceph-mon and ceph-mgr that allows an authenticated client to access unauthorized resources and modify configuration, potentially enabling further attacks. The documented impact is hig...
Malicious Package
Overview authenticated-client is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
CVE-2020-8442
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...
CVE-2020-8442
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...
Heap overflow
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...