2400 matches found

Vulnrichment
added 2024/09/13 8:28 p.m. · 11 views

CVE-2024-44092

There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 7.8 · EPSS 0.0008
Exploits 0 · References 1
IBM Security Bulletins
added 2024/09/13 7:30 a.m. · 26 views

Security Bulletin: IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067.

Summary: IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-34069. DESCRIPTION: Pallets Werkzeug could allow a remote attacker to...

CVSS 7.5 · AI score 6.9 · EPSS 0.03397
Exploits 0 · Affected Software 1
CNVD
added 2024/09/12 12:00 a.m. · 5 views

Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)

SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management. SIMATIC RF360R read...

CVSS 7.1 · AI score 6.9 · EPSS 0.00302
Exploits 0 · References 1
Vulnrichment
added 2024/09/11 3:13 p.m. · 13 views

CVE-2024-45027 usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup(). If xhci_mem_init() fails, it calls into xhci_mem_cleanup() to mop up the damage. If it fails early enough, before xhci->interrupters is allocated but after...

AI score 6.8 · EPSS 0.00206
Exploits 0 · References 3
CNNVD
added 2024/09/10 12:00 a.m. · 3 views

Siemens SIMATIC Security Vulnerability

SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management. SIMATIC RF360R read...

CVSS 7.1 · AI score 6.9 · EPSS 0.00302
Exploits 0 · References 2
Packet Storm
added 2024/09/01 12:00 a.m. · 269 views

Juniper SSH Backdoor Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh' class MetasploitModule 'Juniper SSH Backdoor Scanner', 'Description' = %q This module scans for the Juniper SSH backdoor also valid on Telnet. Any...

CVSS 10 · AI score 7 · EPSS 0.614
Exploits 7
OSV
added 2024/09/01 12:00 a.m. · 17 views

PUB-A-345848543

In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 7.8 · EPSS 0.0008
Exploits 0 · References 1
Packet Storm
added 2024/08/31 12:00 a.m. · 160 views

SonicWALL SSL-VPN Format String

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonicWALL SSL-VPN Format String Vulnerability', 'Description' = %q There is a format string vulnerability within the SonicWALL SSL-VPN Appliance ...

AI score 7.4
Exploits 0
Packet Storm
added 2024/08/31 12:00 a.m. · 230 views

Chargen Probe Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chargen Probe Utility', 'Description' = %q Chargen is a debugging and measurement tool and a character generator service. A character generator...

AI score 7 · EPSS 0.1463
Exploits 2
UbuntuCve
added 2024/08/26 9:15 a.m. · 11 views

CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50, OTRS 8.0.X, OTRS 2023.X...

CVSS 8.2 · AI score 5.9 · EPSS 0.00376
Exploits 0 · References 2
OSV
added 2024/08/26 9:15 a.m. · 0 views

UBUNTU-CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50, OTRS 8.0.X, OTRS 2023.X...

CVSS 8.2 · AI score 5.7 · EPSS 0.00376
Exploits 0 · References 3
Vulnrichment
added 2024/08/26 8:42 a.m. · 18 views

CVE-2024-43444 Passwords are written to Admin Log Module

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50, OTRS 8.0.X, OTRS 2023.X...

CVSS 8.2 · AI score 7.3 · EPSS 0.00376
Exploits 0 · References 1
Positive Technologies
added 2024/08/26 12:00 a.m. · 3 views

PT-2024-5942 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.50; OTRS version 8.0.X; OTRS version 2023.X; OTRS versions 2024.X through 2024.5.X; OTRS Community Edition version 6.0.x. Description: The issue is related to the OTRS admin log module, where passwords of agents and...

CVSS 8.5 · AI score 7.1 · EPSS 0.00376
Exploits 0 · References 14
NVD
added 2024/08/15 5:15 p.m. · 11 views

CVE-2024-31800

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port...

CVSS 6.8 · EPSS 0.00399
Exploits 1 · References 2
NVD
added 2024/08/15 5:15 p.m. · 16 views

CVE-2024-31799

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port...

CVSS 4.6 · EPSS 0.00256
Exploits 1 · References 2
Cvelist
added 2024/08/15 12:00 a.m. · 17 views

CVE-2024-31800

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port...

EPSS 0.00399
Exploits 1 · References 2
CVE
added 2024/08/15 12:00 a.m. · 52 views

CVE-2024-31799

CVE-2024-31799 affects GNCC’s GC2 Indoor Security Camera 1080P. The flaw: an attacker with physical access can read the WiFi passphrase through the UART Debug Port, exposing sensitive network credentials via direct hardware access. The underlying cause is information disclosure via an accessible ...

CVSS 4.6 · AI score 6.4 · EPSS 0.00256
Exploits 1 · References 2 · Affected Software 1
CVE
added 2024/08/15 12:00 a.m. · 60 views

CVE-2024-31800

The CVE-2024-31800 entry concerns the GNCC GC2 Indoor Security Camera 1080P. Affected component: the device’s UART Debugging Port enables an authentication bypass, allowing a physically present attacker to obtain a privileged command shell. Documented impact includes high confidentiality, integri...

CVSS 6.8 · AI score 6.9 · EPSS 0.00399
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/08/15 12:00 a.m. · 17 views

CVE-2024-31799

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port...

EPSS 0.00256
Exploits 1 · References 2
Vulnrichment
added 2024/08/15 12:00 a.m. · 14 views

CVE-2024-31799

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port...

AI score 6.3 · EPSS 0.00256
Exploits 1 · References 2