16 matches found
CVE-2025-59102
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
CVE-2025-59102
The CVE-2025-59102 entry concerns the Access Manager web server’s backup-download functionality, which can expose the device’s entire configuration including unencrypted PINs and MIFARE keys. Connected Red Hat CVEs clarify the adjacent issues: CVE-2025-59101 allows an attacker to bypass session m...
CVE-2025-59102 Secrets Stored in Plaintext in Database in dormakaba access manager
The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...
Security update for colord
This update for colord fixes the following issues: CVE-2021-42523: Fixed information disclosure in cd-device-db.c and cd-profile-db.c bsc1250750. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
SUSE-SU-2025:20935-1 Security update for colord
This update for colord fixes the following issues: - CVE-2021-42523: Fixed information disclosure in cd-device-db.c and cd-profile-db.c bsc1250750...
Security update for colord
This update for colord fixes the following issues: CVE-2021-42523: Fixed information disclosure in cd-device-db.c and cd-profile-db.c bsc1250750. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
SUSE-SU-2025:20964-1 Security update for colord
This update for colord fixes the following issues: - CVE-2021-42523: Fixed information disclosure in cd-device-db.c and cd-profile-db.c bsc1250750...
Tinxy security vulnerability
Tinxy is an IoT product application from Tinxy, Inc. A security vulnerability exists in versions prior to Tinxy 663000 that stems from storing logged-in user information in plaintext on the device database, which can lead to unauthorized access to user information...
CVE-2023-3938
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...
CVE-2023-3938 Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ZkTeco-based OEM devices allows an attacker to authenticate under any user from the device database. This issue affects ZkTeco-based OEM devices ZkTeco ProFace X, Smartec ST-FR043, Smartec...
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it.
...
AZL-10716 CVE-2021-42523 affecting package colord for versions less than 1.4.4-9
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it...
colord information disclosure vulnerability
colord is a system service that makes it easy to manage, install, and generate color profiles to accurately manage the colors of input and output devices. A security vulnerability exists in colord, which stems from an information leak in its colord/src/cd-device-db.c component and...
TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44519)
TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. The vulnerability can be exploited by an attacker to take full control of the device database by connecting to the database via a proxy, no password required...
DEBIAN-CVE-2011-4349
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id...
cattools-traverse.txt
TFTP directory traversal in Kiwi CatTools Application : Kiwi CatTools prior to 3.2.0 beta Release Date : 8 February 2007 Author : Nicob Product : ========= http://www.kiwisyslog.com/cattools-info.php : "Kiwi CatTools is a freeware application that provides automated device configuration managemen...