
38 matches found

Positive Technologies
added 2023/03/17 12:0 a.m. · 2 views

PT-2023-16990 · Unknown · Watchdog Anti-Virus

Name of the Vulnerable Software and Affected Versions: Watchdog Anti-Virus version 1.4.214.0 Description: A problematic vulnerability was found in Watchdog Anti-Virus, affecting the function in the library wsdk-driver.sys of the component IoControlCode Handler. This leads to denial of service. Th...

CVSS 5.5 · AI score 6.9 · EPSS 0.00158
Exploits 1 · References 7

OSV
added 2022/12/22 5:15 a.m. · 10 views

CVE-2022-25948

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For versions 9.34.0 and higher, an option to disable this functionality is provided...

CVSS 5.3 · AI score 5.3
Exploits 0 · References 5

NVD
added 2022/12/22 5:15 a.m. · 9 views

CVE-2022-25948

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For versions 9.34.0 and higher, an option to disable this functionality is provided...

CVSS 5.3 · EPSS 0.0033
Exploits 1 · References 5

Prion
added 2022/12/22 5:15 a.m. · 9 views

Information disclosure

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For versions 9.34.0 and higher, an option to disable this functionality is provided...

CVSS 5 · AI score 5.2 · EPSS 0.0033
Exploits 1 · References 5 · Affected Software 1

NVD
added 2022/12/10 1:15 a.m. · 10 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

CVSS 6.4 · EPSS 0.00293
Exploits 0 · References 1

UbuntuCve
added 2022/12/10 1:15 a.m. · 24 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

CVSS 6.4 · AI score 6.1 · EPSS 0.00293
Exploits 0 · References 2

Positive Technologies
added 2022/11/28 12:0 a.m. · 1 views

PT-2022-26980 · Callback Technologies · Cbfs Filter

Name of the Vulnerable Software and Affected Versions: Callback technologies CBFS Filter version 20.0.8317 Description: A null pointer dereference issue exists in the handle ioctl 0x830a0 systembuffer functionality. This can be triggered by a specially crafted I/O request packet IRP, leading to...

CVSS 6.2 · AI score 5.8 · EPSS 0.00141
Exploits 1 · References 5

NVD
added 2022/07/08 8:15 p.m. · 11 views

CVE-2022-35412

Digital Guardian Agent 7.7.4.0042 allows an administrator who ordinarily does not have a supported way to uninstall the product to disable some of the agent functionality and then exfiltrate files to an external USB device...

CVSS 5.1 · EPSS 0.00064
Exploits 0 · References 2

Positive Technologies
added 2022/01/12 12:0 a.m. · 2 views

PT-2022-15861 · Jenkins · Jenkins Debian Package Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Debian Package Builder Plugin versions 1.6.11 and earlier Description: The issue allows agents to invoke command-line git at an attacker-specified path on the controller. This enables attackers who can control agent processes to invok...

CVSS 9 · AI score 8.6 · EPSS 0.01133
Exploits 0 · References 8

Positive Technologies
added 2021/08/05 12:0 a.m. · 2 views

PT-2021-14788 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet version 2.4.12 Description: An OS Command Injection issue exists in the ping.php script functionality. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request...

CVSS 10 · AI score 9.6 · EPSS 0.92871
Exploits 1 · References 4

Positive Technologies
added 2021/08/02 12:0 a.m. · 3 views

PT-2021-7768 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality. This vulnerability can be triggered by a specially...

CVSS 8.8 · AI score 8.3 · EPSS 0.00091
Exploits 1 · References 10

OSV
added 2020/08/15 12:18 p.m. · 10 views

OPENSUSE-SU-2020:1214-1 Security update for chromium

This update for chromium fixes the following issues:
- Chromium updated to 84.0.4147.125 boo1175085
- CVE-2020-6542: Use after free in ANGLE
- CVE-2020-6543: Use after free in task scheduling
- CVE-2020-6544: Use after free in media
- CVE-2020-6545: Use after free in audio
- CVE-2020-6546: Inappropriate...

CVSS 9.3 · AI score 8.2 · EPSS 0.22641
Exploits 1 · References 18

Positive Technologies
added 2020/07/15 12:0 a.m. · 1 views

PT-2020-18974 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe versions through 4.5.0 Description: A specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a SilverStripe application, without revealing the...

CVSS 7.5 · AI score 7.3 · EPSS 0.00703
Exploits 0 · References 11

Positive Technologies
added 2020/04/28 12:0 a.m. · 1 views

PT-2020-13034

Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.1 Description: The issue allows authenticated users to enumerate directories and files on the filesystem outside of the application scope due to a Path Traversal vulnerability in the ajax recursive directory listin...

CVSS 7.7 · AI score 7.3 · EPSS 0.0113
Exploits 0 · References 9

HackRead
added 2020/04/23 7:15 p.m. · 55 views

New Zoom vulnerability lets hackers record any meeting anonymously

By Waqas. This Zoom vulnerability lets hackers record meetings even when the host disables recording functionality for participants. This is a post from HackRead.com. Read the original post: New Zoom vulnerability lets hackers record any meeting anonymously...

AI score 2.5
Exploits 0

Positive Technologies
added 2019/05/06 12:0 a.m. · 1 views

PT-2019-10790

Name of the Vulnerable Software and Affected Versions: Sierra Wireless AirLink ES450 version 4.9.3; Sierra Wireless AirLink ALEOS, affected versions not specified Description: A remote code execution issue exists in the upload.cgi functionality of Sierra Wireless AirLink devices. A crafted HTTP reque...

CVSS 9 · AI score 9.3 · EPSS 0.01877
Exploits 3 · References 17

Hacker One
added 2019/03/19 7:2 p.m. · 126 views

Capital One: Apache server-status enabled

Apache /server-status displays information about your Apache status. If you are not using this feature, disable it.
GET /server-status HTTP/1.1
Connection: keep-alive
Accept: /
Accept-Encoding: gzip,deflate
Host: proxy-copp.capitalone.com
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64...

AI score 1.1
Exploits 0

Japan Vulnerability Notes
added 2015/01/26 12:0 a.m. · 30 views

JVN#27142693: NP-BBRM vulnerable in UPnP functionality

NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality. Impact: The device may be used in a DDoS attack, as an SSDP reflector. Solution: Disable UPnP. Disable UPnP functionality from the management configuration in the settings screen...

CVSS 7.8 · AI score 6.5 · EPSS 0.004
Exploits 0