116 matches found
CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...
CVE-2019-13033
In the CISOfy Lynis family, CVE-2019-13033 affects Lynis 2.x up to 2.7.5, where the license key can be exposed by inspecting the process list during a data upload. The license can be used to upload data to a central Lynis server, potentially enabling insertion of data from additional scans, thoug...
CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...
CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...
CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to
More info at https://www.silverstripe.org/download/security-releases/cve-2020-9280/...
The vulnerability of the Modbus microprogramming software protocol allows a perpetrator to execute commands for starting, stopping, downloading, and uploading data on the device.
The vulnerability of the Modbus microprogramming software for programmable logic controllers lies in the transmission of confidential information in an unencrypted form. Exploiting this vulnerability allows a malicious actor to execute commands such as start, stop, download, and upload operations...
Wary of the use of the Office vulnerabilities to spread commercial spyware AgentTesla-vulnerability warning-the black bar safety net
Background overview AgentTesla was originally a released in 2014 the simple key loggers, and in recent years its development team which constantly adds many new features, and sale. AgentTesla has now become a commercial spyware that can be controlled by the end of the generation to meet the...
Malicious Package
Overview All versions of requets typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...
Malicious Package
Overview All versions of aasync typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...
Malicious Package
Overview All versions of jajajejejiji typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...
Design/Logic Flaw
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable...
CVE-2018-10626 Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLin...
CVE-2018-10626
Medtronic MyCareLink 24950/24952 Patient Monitors are affected by CVE-2018-10626: the update service does not sufficiently verify data authenticity, enabling an attacker with per‑product credentials to upload invalid data to the CareLink network (CWE-345). Connected advisories corroborate affecte...
Skyworth smart TVs have smart hardware vulnerabilities
Skyworth Group Limited is a publicly listed technology company specializing in the production of consumer electronics, networking and communication products. A smart hardware vulnerability exists in Skyworth Smart TV. The vulnerability is due to Skyworth Smart TV's failure to restrict permissions...
CVE-2017-11349
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...
CVE-2017-11349
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...
Code injection
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...
CVE-2016-0757
OpenStack Image Service (Glance) vulnerable CVE-2016-0757 affects 11.0.x before 11.0.2 (liberty) and 2015.1.3 (kilo) when show_multiple_locations is enabled. The issue allows a remote authenticated attacker to change image status and upload new image data by removing the last location of an image...
CVE-2016-0757
OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...