4200 matches found
01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12885 more potentially affected by CVE-2022-0613 via urijs (>=1.16.1 <=1.19.7)
urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2022-0613 Source advisory: OSV:GHSA-GCV8-GH4R-25X6...
CVE-2021-46265
Tenda AC Series Router AC11V02.03.01.104CN was discovered to contain a stack buffer overflow in the wanBasicCfg module. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data...
Tenda AC11 buffer error vulnerability
Tenda AC11 is a router from Tenda, China. The wanBasicCfg module of Tenda AC Series Router AC11V02.03.01.104CN is vulnerable to a buffer overflow, which can be exploited by attackers to cause a denial of service via specially crafted overflow data...
CVE-2021-22817
CVE-2021-22817 affects Schneider Electric Harmony/Magelis iPC Series, Vijeo Designer (pre V6.2 SP11 HotFix 4), and Vijeo Designer Basic (pre V1.2.1). The root cause is a CWE-276 Incorrect Default Permissions issue that can allow unauthorized access to the base installation directory, enabling local pri...
Schneider Electric multiple products security vulnerability
Schneider Electric Vijeo Designer Basic and Schneider Electric Vijeo Designer are both suites of programming and design software for HMIs (Human Machine Interfaces) from Schneider Electric, France. A security vulnerability exists in a number of Schneider Electric products, which can be exploited b...
Schneider Electric Modicon M221 PLCs and SoMachine Basic Protection Mechanism Failure (CVE-2017-7575)
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port 502/tcp. Subsequently the application may be arbitrarily downloaded, modified, and uploaded...
Schneider Electric Modicon M221 PLCs and SoMachine Basic Use of Hard-Coded Cryptographic Key (CVE-2017-7574)
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...
CVE-2022-24145
Tenda AX3 v16.03.12.10CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security5g parameters...
Sealevel Systems, Inc. SeaConnect 370W Web Server information disclosure vulnerability
Summary: An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger...
WordPress Accesspress Basic theme <= 3.2.1 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Accesspress Basic theme versions <= 3.2.1. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
Mageia: Security Advisory (MGASA-2017-0371)
The remote host is missing an update for the...
CVE-2021-43298
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until...
Embedthis Software GoAhead security vulnerability
Embedthis Software GoAhead is an embedded Web server from Embedthis Software. A security vulnerability exists in Embedthis Software GoAhead, which stems from the fact that the code that performs password matching during "basic" HTTP authentication does not use a constant-time memcmp and is not...
WordPress Accesspress Basic theme <= 3.2.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress Accesspress Basic theme versions <= 3.2.1. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
CVE-2021-43269
In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...
CVE-2022-22530
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being...