828 matches found
CVE-2022-47209
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means...
CVE-2022-31269
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...
CVE-2022-2123
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF, which allows plugin settings to be changed and can be used for sending spam emails...
CVE-2022-23063
Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in will still have access to the application even after the password was changed...
darkhttpd Security Vulnerability
darkhttpd is a software application. When you need a web server. darkhttpd has a security vulnerability that allows a remote attacker to cause a denial of service by accessing a file with a large modification date...
GPAC Input Validation Error Vulnerability
GPAC is an open source multimedia framework. A security vulnerability exists in GPAC, which stems from the discovery that GPAC v1.1.0 contains an invalid call in the function gfnodechanged. An attacker could exploit the vulnerability to cause a denial of service (DoS)...
Siemens Mendix Security Vulnerability
Siemens Mendix is a low-code application development platform from Siemens, a German company that provides application development, testing, deployment, and iteration capabilities. A security vulnerability in Siemens Mendix allows an authenticated attacker to retrieve the changedDate property of...
Privilege Escalation
apport is vulnerable to privilege escalation. The getmodifiedconffiles function incorrect changed files...
UBUNTU-CVE-2021-23962
Incorrect use of the '' method could have led to a use-after-poison and a potentially exploitable crash. This vulnerability affects Firefox 85...
The vulnerability of the PresentationAvailabilityObserver::AvailabilityChanged method in the Sailfish Browser application of the Aurora operating system allows a perpetrator to trigger a service failure.
The vulnerability of the PresentationAvailabilityObserver::AvailabilityChanged method in the Sailfish Browser application for the Aurora operating system is related to the use of dynamic memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
Security update for bind (moderate)
openSUSE Security Update: Security update for bind Announcement ID: openSUSE-SU-2020:1701-1 Rating: moderate References: 1100369 1109160 1118367 1118368 1128220 1156205 1157051 1161168 1170667 1170713 1171313 1171740 1172958 1173307 1173311 1173983 1175443 1176092 1176674 906079 Cross-References:...
olcne nginx security update
olcne 1.1.6-1 - support upgrading nginx - Address CVE-2019-9511 - Address CVE-2018-16845 - Address CVE-2017-7529 - support upgrading flannel nginx 1.17.7-2 - Changed nginx home dir to /var/lib/nginx for consistency 1.17.7-1 - Added Oracle Specific Build Files for nginx - Address CVE-2019-9511 - Adres...
Security update for singularity (important)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2020:1100-1 Rating: important References: 1174148 1174150 1174152 Cross-References: CVE-2020-13845 CVE-2020-13846 CVE-2020-13847 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three...
Release Information for Veeam Backup for AWS v2
Requirements IMPORTANT You cannot update Veeam Backup for AWS operating in the Paid edition to version 2.0 from the Veeam Backup for AWS Web UI. To update the product, you must install Veeam Backup for AWS version 2.0 from AWS Marketplace on a new EC2 instance, and then migrate Veeam Backup for A...
Fedora 31 : systemd (2019-d5bd5f0aa4)
Update to latest release - Emission of Session property-changed notifications from logind is fixed (this was breaking the switching of sessions to and from gnome). - Security issue: unprivileged users were allowed to change DNS servers configured in systemd-resolved. Now proper polkit authorization...
CVE-2016-10862
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page...
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000026 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x...
Fedora 28 : mxml (2019-d333d01e08)
Update to 3.0. License has changed to ASL 2.0 + exception. See https://github.com/michaelrsweet/mxml/releases/tag/v3.0 for more info. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...
TAU Threat Intelligence Notification – LockerGoga Ransomware
LockerGoga ransomware has recently surfaced with a few successful infections, mostly discovered in Europe, that have caused very large and notable damage to businesses. This ransomware uses Windows “living off the land” tools (LOLBins) for the most part in order to infect and encrypt the victim’s...
CVE-2018-19064
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ftpuser1 account has a blank password, which cannot be changed...