154 matches found
Fuji Electric Tellus Lite V-Simulator和Fuji Electric V-Server Lite 缓冲区错误漏洞
Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric Japan.Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments...
DEBIAN-CVE-2020-29480
An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...
Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...
CVE-2020-0277
In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's data plan with no additional execution privileges needed. User interaction is not needed for...
IBM Maximo Anywhere Information Disclosure Vulnerability (CNVD-2020-27942)
IBM Maximo Anywhere is a suite of next-generation mobile solutions from IBM USA built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management a comprehensive asset lifecycle and maintenance management solution workflow and asset management via mobile...
CVE-2020-12266
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed...
Input validation error vulnerability in multiple Huawei products (CNVD-2020-22010)
The Huawei HEGE-570, among others, is a smart screen device from the Chinese company Huawei Huawei. An input validation error vulnerability exists in multiple Huawei products. The vulnerability stems from the failure of the program to perform sufficient validation, and can be exploited by an...
CVE-2019-15255 Cisco Identity Services Engine Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it...
CVE-2019-4265
IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198...
Apple Transparency Report Now Includes App Store Takedown Requests
For the first time Apple added to its transparency report the number of App Store takedown requests it has received from governments. The report, released Tuesday, also puts some hard numbers on how often law enforcement and governments request device and user data. App Takedown Request Apple’s...
CVE-2018-16197
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an attacker on the same network segment to bypass access restriction to access the information and files stored on the affected device...
CVE-2018-9526
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033...
Huawei cell phone information leakage vulnerability
Anne-AL00 is a smartphone from Huawei. An information disclosure vulnerability exists in the Huawei Anne-AL00 phone. An attacker connecting the phone via USB can exploit this vulnerability to obtain device-specific information about the phone due to improper privilege settings for specific comman...
Netwave IP camera information disclosure vulnerability (CNVD-2018-16961)
Netwave IP camera is a network camera produced by Netwave SystemsB.V. in the Netherlands. An information disclosure vulnerability exists in the getstatus.cgi file in the Netwave IP camera. An attacker can exploit this vulnerability to disclose sensitive information on the device...
CVE-2018-11717
An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain depending on the modules configured the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the...
CVE-2018-8755
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device...
The vulnerability of the Cisco Wide Area Application Services Software (WAAS) SNMP daemon allows a hacker to read any data available on the device through the SNMP protocol.
The vulnerability of the Cisco WAAS software package related to the use of pre-installed credentials. Exploiting this vulnerability allows a remote attacker to read any data available on the device through the SNMPv2c protocol...
CVE-2017-12134
The xenbiovecphysmergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability...
Design/Logic Flaw
Untrusted search path vulnerability in Installers for Specification check program social insurance Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to...
CVE-2016-7818
CVE-2016-7818 is an Untrusted search path vulnerability in Japan Pension Service installers: Specification check program (social insurance) v9.00 and earlier, TODOKESHO print program v5.00 and earlier, Device data encryption program v1.00 and earlier, and TODOKESHO creation program v15.00 and ear...