95 matches found
Siemens multiple products security vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A hidden function vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to an affected application containing hidde...
RHEL 9 : Red Hat OpenStack Platform 17.0 (etcd) (RHSA-2023:3441)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3441 advisory. A highly-available key value store for shared configuration Security Fixes: Information disclosure via debug function CVE-2021-28235 Key name...
PT-2024-23263 · Unknown · Mzk-Mf300N
Name of the Vulnerable Software and Affected Versions: MZK-MF300N all firmware versions Description: An active debug code vulnerability exists, allowing a logged-in user who knows how to use the debug function to perform unintended operations when accessing the device's management page...
CVE-2023-24471 Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normal...
PT-2023-19628 · Nozomi Networks · Cmc +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: An access control issue was found due to restrictions not being enforced in the debug functionality. This allows an authenticated user with reduced visibility to obtain unauthorized...
Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2
Summary An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. Impact An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data th...
CVE-2023-3040 Out of Bounds Access Leading to Undefined Behavior
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14 contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...
CVE-2023-3040
CVE-2023-3040 concerns the lua-resty-json library. A debug function, present up to commit 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14), contained an out-of-bounds access bug. If this function is used to parse untrusted input data, it could allow an attacker to trigger a DoS. The fu...
PT-2023-22671 · Unknown · Lua-Resty-Json
Name of the Vulnerable Software and Affected Versions: lua-resty-json versions up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a Description: A debug function in the lua-resty-json package contained an out of bounds access bug that could have allowed an attacker to launch a Denial of Servi...
lua-resty-json buffer error vulnerability
Cloudflare lua-resty-json is Cloudflare's json library for use with lua and C. It has a security vulnerability in its previous version. A security vulnerability exists in versions prior to lua-resty-json 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a, which stems from the fact that an attacker may be...
etcd: Information disclosure via debug function
A flaw was found in etcd, where etc-io could allow a remote attacker to gain elevated privileges on the system caused by a vulnerability in the debug function. By sending a specially crafted request, an attacker can gain elevated privileges...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update
An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
CVE-2023-21496
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level...
PT-2023-18250 · Unknown · Activitymanagerservice
Name of the Vulnerable Software and Affected Versions: ActivityManagerService versions prior to SMR May-2023 Release 1 Description: The issue allows an attacker to utilize a debug function by setting the debug level, potentially exploiting the Active Debug Code vulnerability in...
CBL Mariner 2.0 Security Update: etcd (CVE-2021-28235)
The version of etcd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-28235 advisory. - Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the...
Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.
...
CVE-2023-26588
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016...