CVE-2021-33045
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Recent assessments: cbeek-r7 at September 06, 2024 6:04pm UTC reported: On September 5th 2024, CISA...
PT-2021-20028
Name of the Vulnerable Software and Affected Versions: Dahua IP Camera firmware versions 2.820.0000000.5.r.210705. Description: The issue is related to an identity authentication bypass during the login process. Attackers can construct malicious data packets to bypass device identity authentication...
CVE-2021-1586
A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This...
Clarification Of Terms MTU and MSS❗️
Discover What MTU and MSS Are. We now live in an advanced age where a ton of data is shared over short and significant distances by sharing over a dependable connection. The web has become an extremely helpful association network that upholds various frameworks, yet various boundaries engaged with...
Logic Flaw Vulnerability in Cloud Patrol System of Beijing Landsea Electronic Technology Co.
Beijing Landwell Electronic Technology Co., Ltd (Landwell for short) has created all the mobile automatic identification products with independent intellectual property rights and independent brand "LANDWELL", and built a high-tech enterprise which is integrated with the research, development,...
FragAttack: New Wi-Fi vulnerabilities that affect… basically everything
A new set of vulnerabilities with an aggressive name and their own website almost always bodes ill. The name FragAttack is a contraction of fragmentation and aggregation attacks, which immediately indicates the main area where the vulnerabilities were found. The vulnerabilities are mostly in how...
Mingyuan Cloud Data Center has a logic flaw vulnerability
Shenzhen Mingyuan Cloud Technology Co., Ltd. is a digital service provider of real estate ecological chain. A logic flaw vulnerability exists in the Mingyuan Cloud Data Center. Attackers use the vulnerability to access the backend interface and obtain sensitive information by intercepting data...
SUSE-SU-2020:1511-2 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 (April 2020 CPU, bsc1169511). Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service (bsc1169511). - CVE-2020-2755: Fixed an...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2020:0757-1 Rating: important References: 1167462 1169511 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800...
Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-4337-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4337-1 advisory. It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial o...
Juniper Networks Junos OS Denial of Service Vulnerability (CNVD-2020-33719)
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that arises from the program's failure to properly handle...
CVE-2020-6986
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result...
CVE-2015-1853
chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets...
Fujitsu Wireless Keyboard Plagued By Unpatched Flaws
Two high-severity flaws, discovered in a popular Fujitsu wireless keyboard set, could allow attackers from a short distance away to “eavesdrop” on passwords entered into the keyboards, or even fully take over a victim’s system. Making matters worse, the impacted Fujitsu wireless keyboard LX390...
CVE-2019-9680
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include:...
Design/Logic Flaw
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include:...
CVE-2019-9680
CVE-2019-9680 affects Dahua devices (e.g., IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X) with builds prior to August 18, 2019. The issue is information leakage: attackers can obtain the device’s IP address and model informati...
Exploit for Injection in Atlassian Jira_Server
CVE-2019-11581 Atlassian JIRA Template injection vulnerabil...
eCar Insurance Coverage App Has Logic Flaw Vulnerability
eCar Insurance is a mobile Internet car insurance software application platform developed by Chengdu Zhongtong Technology Co. The eCar Insurance app has a logic flaw vulnerability: the SMS verification code is displayed in plaintext in the returned data packet, and the attacker can use...