Lucene search

150 matches found

OSV
added 2022/03/17 1:15 p.m. · 2 views

CVE-2021-44262

A vulnerability is in the 'MNUtop.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

Tenable Nessus
added 2022/02/22 12:0 a.m. · 65 views

RHEL 7 : kpatch-patch (RHSA-2022:0592)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0592 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

7.8 CVSS · 7 AI score · 0.02579 EPSS
Exploits 3 · References 12

Tenable Nessus
added 2022/02/22 12:0 a.m. · 46 views

RHEL 8 : kpatch-patch (RHSA-2022:0590)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0590 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

7.8 CVSS · 7 AI score · 0.00811 EPSS
Exploits 0 · References 8

Cvelist
added 2021/12/28 7:18 p.m. · 10 views

CVE-2020-22061

SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140...

7.7 AI score · 0.00318 EPSS
Exploits 1 · References 1

ICS
added 2021/11/18 12:0 a.m. · 35 views

Philips IntelliBridge EC 40 and EC 80 Hub

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Low attack complexity Vendor: Philips Equipment: IntelliBridge EC 40 and EC 80 Hub Vulnerabilities: Use of Hard-coded Credentials, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these...

8.8 CVSS · 9.2 AI score · 0.00453 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/11/09 12:0 a.m. · 5 views

PT-2025-40761

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel’s MHI host component where the values read from the CHDBOFF and ERDBOFF registers are not properly validated. If these values fall outside the acceptabl...

7.8 CVSS · 6.9 AI score · 0.21314 EPSS
Exploits 0 · References 440

CNNVD
added 2021/11/02 12:0 a.m. · 4 views

Fortinet FortiWLC SQL injection vulnerability

Fortinet FortiWLC is a wireless LAN controller from Fortinet. A security vulnerability in Fortinet FortiWLC version 8.6.1 and below can be exploited by an attacker to disclose device, user, and database information via a crafted HTTP request...

8.8 CVSS · 5.5 AI score · 0.00967 EPSS
Exploits 0 · References 3

CNVD
added 2021/10/22 12:0 a.m. · 13 views

DIALink cross-site scripting vulnerability (CNVD-2021-84841)

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

5.5 CVSS · 5 AI score · 0.11431 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/22 12:0 a.m. · 17 views

DIALink Sensitive Information Explicit Transfer Vulnerability

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

8.8 CVSS · 6 AI score · 0.00534 EPSS
Exploits 0 · References 1

CNVD
added 2021/10/22 12:0 a.m. · 14 views

DIALink cross-site scripting vulnerability (CNVD-2021-84839)

DIALink is an equipment networking platform from Delta Electronics that effectively manages CNC machines and PLC-controlled machines, collects on-site equipment data and connects it to the upper management platform through a unified interface, and at the same time provides visual information...

5.5 CVSS · 5 AI score · 0.00604 EPSS
Exploits 0 · References 1

CNNVD
added 2021/08/13 12:0 a.m. · 5 views

MAC1100 PLC information disclosure vulnerability

The MAC1100 PLC is an industrial control product PLC. An information disclosure vulnerability exists in the EPA protocol of the MAC1100 PLC, which could allow an attacker to read a specific storage area and collect relevant device information in the PLC via an unauthorized EPA read operation, whi...

7.5 CVSS · 7.4 AI score · 0.00814 EPSS
Exploits 1 · References 2

Cvelist
added 2021/08/05 8:5 p.m. · 24 views

CVE-2021-21792

An information disclosure vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information...

6.5 CVSS · 5.3 AI score · 0.0034 EPSS
Exploits 1 · References 1

Positive Technologies
added 2021/07/13 12:0 a.m. · 4 views

PT-2024-11307 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a Use After Free (UAF) bug in the fza probe function. The fp variable, which is netdev private data, cannot be used after the free netdev call. Using fp after fre...

7.8 CVSS · 6.4 AI score · 0.00231 EPSS
Exploits 0 · References 18

CNNVD
added 2021/07/08 12:0 a.m. · 3 views

Bluetooth SQL injection vulnerability

Bluetooth is a short-range wireless technology standard from the Bluetooth Special Interest Group (SIG) standards organization for exchanging data between fixed and mobile devices over short distances using UHF radio waves in the ISM band from 2.402 GHz to 2.48 GHz, and for building Personal Area...

6.5 CVSS · 5.8 AI score · 0.00206 EPSS
Exploits 0 · References 2

Rapid7 Blog
added 2021/03/29 1:2 p.m. · 29 views

MDR Vendor Must-Haves, Part 2: Ingestion of Network Device Data

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” There are many factors to consider when assessing which Managed Detection and Response (MDR) vendor is the right f...

0.4 AI score
Exploits 0

CNNVD
added 2021/02/24 12:0 a.m. · 5 views

Cisco Application Services Engine access control error vulnerability

Cisco Application Services Engine provides a common platform for deploying Cisco data center applications. An unauthorized access vulnerability exists in Cisco Application Services Engine 1.13d and earlier versions, which can be exploited by a remote, unauthenticated attacker to elevate access to...

9.8 CVSS · 6.8 AI score · 0.01006 EPSS
Exploits 0 · References 4

CNNVD
added 2021/01/26 12:0 a.m. · 6 views

Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite buffer error vulnerability

Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric Japan. Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments...

7.8 CVSS · 6.3 AI score · 0.02065 EPSS
Exploits 1 · References 5

OSV
added 2020/12/15 6:15 p.m. · 1 views

DEBIAN-CVE-2020-29480

An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...

2.3 CVSS · 8.5 AI score · 0.00306 EPSS
Exploits 0 · References 1

The Hacker News
added 2020/09/22 1:2 p.m. · 2 views

Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...

5.8 AI score
Exploits 0

OSV
added 2020/09/17 9:15 p.m. · 2 views

CVE-2020-0277

In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for...

7.8 CVSS · 7.2 AI score · 0.00139 EPSS
Exploits 0 · References 1