15 matches found
CVE-2026-33599 Out-of-bounds read in service discovery
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
PowerDNS DNSdist buffer error vulnerability
PowerDNS DNSdist is a proxy software provided by PowerDNS that offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a buffer error vulnerability, which stems from malicious backends that can send specially crafted SVCB responses to resolver discovery...
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system...
GHSA-WQQ8-MQJ9-697F PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some autoupgrade module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some autoupgrade module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
PHICOMM K2 Remote Code Execution Vulnerability
The PHICOMM K2 is a wireless router from the Chinese company PHICOMM. A remote code execution vulnerability exists in /usr/lib/lua/luci/controller/admin/autoupgrade.lua in PHICOMM K2 version V22.5.9.163, which can be exploited to execute arbitrary commands using shell metacharacters in the...
CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2PSG1218 V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter...
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system...
Design/Logic Flaw
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system...
CVE-2019-3977
RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are downloaded from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly resetting all the system...
CVE-2019-3977
CVE-2019-3977 affects MikroTik RouterOS. The vulnerability arises from insufficient validation of the origin of upgrade packages during autoupgrade, allowing a remote attacker to trick a device into upgrading to an older RouterOS version and potentially reset all usernames and passwords. Document...
Fedora 13 : mediawiki-1.16.4-58.fc13 (2011-5807)
This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community. Further changes : - some simple wiki management functionality was added : - mw-createinstance creat...
Fedora 14 : mediawiki-1.16.4-58.fc14 (2011-5812)
This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community. Further changes : - some simple wiki management functionality was added : - mw-createinstance creat...
Fedora 15 : mediawiki-1.16.4-58.fc15 (2011-5848)
This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community. Further changes : - some simple wiki management functionality was added : - mw-createinstance creat...
Fedora 15 : mediawiki-1.16.4-57.fc15 (2011-5495)
This update brings mediawiki to version 1.16.2, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community. Further changes : - some simple wiki management functionality was added : - mw-createinstance creat...