21 matches found
EUVD-2018-1432
Malware in sbrugna...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
CVE-2022-34431
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible...
CVE-2022-34431
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible...
Memory corruption
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible...
CVE-2022-34431
CVE-2022-34431 affects Dell Hybrid Client prior to version 1.8, where a guest user profile corruption vulnerability could be exploited by a WMS-privileged attacker to render the DHC system inaccessible. Documents confirm affected software and root cause (guest profile corruption) and suggest reme...
CVE-2022-34431
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
Input validation
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
CVE-2022-24957
DHC Vision eQMS (v5.4.8.322 and earlier) is affected by a Persistent XSS due to insufficient encoding of untrusted input/output. An attacker must create/edit an information object and use the XSS payload as the name; any user opening the object’s version or history tab can be attacked. No remedia...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
DHC Vision eQMS跨站脚本漏洞
DHC Vision eQMS is a new method of digitizing Quality Management Systems QMS from DHC Vision, Germany. A security vulnerability exists in DHC Vision eQMS version 5.4.8.322 and earlier, which stems from untrustworthy input/output undercoding that resulting in a persistent cross-site scripting atta...
Information disclosure
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2018-0622
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2018-0622
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2018-0622
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2018-0622
The CVE-2018-0622 entry concerns the DHC Online Shop App for Android (version 3.2.0 and earlier) that fails to verify X.509 certificates from SSL servers. Root cause: the app does not validate SSL server certificates, enabling MITM attackers to eavesdrop or spoof servers. Affected product: DHC On...
DHC Online Shop App for Android fails to verify SSL server certificates
Overview DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Sho Ueshima and Tsuyoshi Ogawa of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#77409513: DHC Online Shop App for Android fails to verify SSL server certificates
DHC Online Shop App for Android provided by DHC Corporation fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the information provid...