24 matches found

RedhatCVE
added 2026/01/09 11:22 a.m., 13 views

CVE-2021-22460

A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism...

CVSS 5.5, AI score 6.8, EPSS 0.00011
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-50989

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00118
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-53989

Malicious code in bioql PyPI...

CVSS 7.6, AI score 6.6, EPSS 0.00027
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-9606

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.7, EPSS 0.00011
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-53991

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.0008
Exploits: 0, References: 1

NVD
added 2024/09/13 5:15 p.m., 7 views

CVE-2024-43099

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVSS 8.8, EPSS 0.00128
Exploits: 0, References: 1

Vulnrichment
added 2024/09/13 4:33 p.m., 13 views

CVE-2024-43099 AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay

The session hijacking attack targets the application layer's control mechanism, which manages authenticated sessions between a host PC and a PLC. During such sessions, a session key is utilized to maintain security. However, if an attacker captures this session key, they can inject traffic into a...

CVSS 8.8, AI score 6.6, EPSS 0.00128
Exploits: 0, References: 1

Code423n4
added 2023/06/09 12:0 a.m., 9 views

Unauthorized Access and Control in Proxy Contract

Lines of code Vulnerability details Summary: The code contains a bug that can lead to unauthorized access and control over the contract. This bug allows any caller, even those who are not the owner or address0, to bypass the intended access control mechanisms and execute arbitrary code on the...

AI score 8
Exploits: 0

NVD
added 2023/05/12 1:15 a.m., 12 views

CVE-2023-2665

Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0...

CVSS 7.5, AI score 7.5, EPSS 0.00265
Exploits: 0, References: 2

Malwarebytes
added 2022/04/04 10:22 a.m., 55 views

Update now! Zyxel patches critical firewall bypass vulnerability

In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...

CVSS 7.5, AI score 9.8, EPSS 0.92364
Exploits: 0

Code423n4
added 2022/03/30 12:0 a.m., 8 views

Enforced Owner Can Extract Funds From The Contract

Lines of code Vulnerability details Impact During the code review, it has been observed that access control mechanisms are checked with the following line. LibDiamond.enforceIsContractOwner; The withdraw gives ability to contract owner extract all funds are sent to contract. This poses...

AI score 7
Exploits: 0

Hive Pro Threat Advisories
added 2022/02/07 2:23 p.m., 19 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

AI score 0.1
Exploits: 0

NVD
added 2021/10/28 1:15 p.m., 17 views

CVE-2021-22460

A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism...

CVSS 5.5, EPSS 0.00011
Exploits: 0, References: 1

Prion
added 2021/10/28 1:15 p.m., 17 views

Security feature bypass

A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism...

CVSS 2.1, AI score 5.5, EPSS 0.00011
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2021/05/07 12:0 a.m., 29 views

Cisco Firepower Management Center Software Policy (cisco-sa-fmc-iac-pZDMQ4wC)

A vulnerability in an access control mechanism of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to access services beyond the scope of their authorization. This vulnerability is due to insufficient enforcement of access control in the affected...

CVSS 4.3, AI score 5.4, EPSS 0.00145
Exploits: 0, References: 3

Hacker One
added 2018/08/10 11:9 a.m., 19 views

Slack: Possibility to freeze/crash the host system of all Slack Desktop users easily

Hello, I report here what I suspect to be a critical issue for all your users using the Slack Desktop app. Please find below my research way and the corresponding POC result: First, I started by exploring the content of the file app.asar of the Slack Desktop application. I was firstly attracted...

AI score 0.6
Exploits: 0

OpenVAS
added 2018/02/27 12:0 a.m., 47 views

Lutron Quantum BACnet Integration Devices Information Disclosure Vulnerability

Lutron Quantum BACnet Integration device is prone to an information disclosure vulnerability.

CVSS 7.5, AI score 7.3, EPSS 0.36613
Exploits: 6, References: 1

0day.today
added 2017/04/26 12:0 a.m., 53 views

Samsung Smart TV Wi-Fi Direction Improper Authentication Vulnerability

Exploit for hardware platform in category remote exploits Samsung Smart TV Wi-Fi Direct Improper Authentication 1. Advisory Information Title: Samsung Smart TV Wi-Fi Direct Improper Authentication Advisory ID:...

AI score 0.4
Exploits: 0

NVD
added 2016/11/07 11:59 a.m., 13 views

CVE-2016-9111

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the...

CVSS 6.8, AI score 6.6, EPSS 0.026
Exploits: 5, References: 5

Tenable Nessus
added 2015/10/05 12:0 a.m., 39 views

F5 Networks BIG-IP : NTP vulnerability (K16393)

Some kernels do not offer protection for ::1 source addresses on IPv6 interfaces. Since NTP's access control mechanism is based on source address and localhost addresses generally have no restrictions, an attacker may be able to send malicious control and configuration packets by spoofing ::1...

CVSS 6.8, AI score 7, EPSS 0.04839
Exploits: 0, References: 3