17 matches found
Devy Mega-Fence Security Vulnerability
Devy Mega-Fence is a middleware for traffic control and online queuing from Devy Korea. A security vulnerability exists in Devy Mega-Fence versions 25.1.914 and earlier, which stems from trusting the X-Forwarded-For header value and could lead to client-side IP spoofing...
EUVD-2012-4451
Malware in sbrugna...
EUVD-2019-13652
Malware in sbrugna...
EUVD-2022-35395
Malicious code in bioql PyPI...
CVE-2024-20153
In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598...
GHSA-F5H4-WMP5-XHG6 Client Spoofing within the Keycloak Device Authorisation Grant
Under certain pre-conditions the vulnerability allows an attacker to spoof parts of the device flow and use a devicecode to retrieve an access token for other OAuth clients...
Velocidex Velociraptor Authorization Issue Vulnerability
Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language (VQL) queries to collect host-based state information. An authorization issue vulnerability exists in Velocidex Velociraptor versions prior to 0.6.5-2, which stems from an error in the handling of...
Honeywell Saia Burgess PG5 PCD Authorization Issue Vulnerability
Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control and Automation (ICA) devices for implementation and operational automation. A security vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD, which stems from the use of the...
CVE-2022-30189
Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability...
Zoho Site24x7 Mobile Network Poller SSL Certificate Validation Security Bypass Vulnerability
Zoho Site24x7 is a full-service website monitoring network that can easily, quickly and efficiently monitor users' websites, web pages and web servers, and provide rich reports to ensure the normal operation of websites. A security bypass vulnerability exists in Zoho Site24x7 Mobile Network Polle...
EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1059)
According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java...
CVE-2009-5144
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate...
MGASA-2018-0104 Updated java-1.8.0-openjdk packages fix security vulnerability
Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2018-2582, CVE-2018-2641). It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to...
CVE-2017-13079
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients...
EMC Isilon OneFS and EMC IsilonSD Man-in-the-Middle Attack Vulnerabilities
EMC Isilon OneFS and EMC IsilonSD Edge are both products from EMC Corporation USA. The former is a distributed file system that supports EMC Isilon (a horizontally scalable storage system), and the latter is a data management solution for simplifying data management in remote offices or edge...
Hitachi Web Server Vulnerability in SSL Client Authentication
Overview: Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers. Impact: An attacker could manipulate environment variables and/or spoof the client to access We...
CVE-2001-0860
The CVE-2001-0860 entry documents a vulnerability in Terminal Services Manager MMC on Windows 2000 and Windows XP where the service trusts the Client Address (IP) provided by the client instead of deriving it from packet headers. This enables IP address spoofing (e.g., via NAT). Root cause: the t...