75 matches found
CVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...
The vulnerability of the uof_get_name() function in the QAT_420xx driver (driver/crypto/intel/qat/qat_420xx/adf_420xxHW_data.c) on Linux operating systems allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the uofgetname function in the QAT420xx driver driver/crypto/intel/qat/qat420xx/adf420xxhwdata.c in Linux operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized acces...
CVE-2023-51360
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0...
PT-2024-3561 · Fortinet · Fortisandbox
Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 4.2.0 through 4.2.6 FortiSandbox versions 4.4.0 through 4.4.4 Description: The issue is related to the client-side enforcement of server-side security in FortiSandbox. It allows an attacker to execute unauthorized code o...
4ipnet EAP-767 Security Vulnerability
The 4ipnet EAP-767 is an enterprise-grade concurrent dual-band 802.11ac indoor access point designed for high-density environments such as offices, universities, hotels and hospitals. A security vulnerability exists in the 4ipnet EAP-767 version v3.42.00, which stems from susceptibility to...
PYSEC-2024-31
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...
PT-2024-18997 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.2.0 Description: The vantage6 technology is used to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Authenticated users could inject code into algorithm...
UBUNTU-CVE-2024-0208
GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file...
PT-2024-15387 · Wireshark +1 · Wireshark +1
Name of the Vulnerable Software and Affected Versions: Wireshark version 4.2.0 Description: The issue allows for denial of service via packet injection or crafted capture file, specifically affecting the Zigbee TLV dissector in Wireshark. Recommendations: For Wireshark version 4.2.0, update to a...
CVE-2023-46981
SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list...
Sealos 授权问题漏洞
Sealos is a cloud operating system designed for managing cloud-native applications. An authorization issue vulnerability exists in Sealos versions prior to 4.2.0, which stems from a misconfiguration of Role-Based Access Control RBAC permissions, allowing an attacker to gain access to cluster...
Exploit for Missing Authentication for Critical Function in Ic Realtime_Icip-P2012T_Firmware
CVE-2023-31594 IC Realtime ICIP-P2012T is vulnerable to Incorr...
CVE-2023-25070
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product...
SAP BusinessObjects Business Intelligence Platform 代码问题漏洞
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A code issue vulnerability exists in SAP BusinessObjects Business...
SAP BusinessObjects Business Intelligence Platform 代码问题漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and enable fast, ea...
SAP BusinessObjects Business Intelligence 信息泄露漏洞
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analytics, and data visualization. An information disclosure vulnerability exists in SAP BusinessObjects Business...
Pixel&tonic Craft CMS 跨站脚本漏洞
Pixel & tonic Craft CMS is a content management system CMS from the US company Pixel & tonic. A cross-site scripting vulnerability exists in Craft CMS version 4.2.0.1, which stems from a security issue in the src/helpers/Cp.php page...
CVE-2022-36558
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg...
Seiko Solutions SkyBridge MB-A100/A110 命令注入漏洞
The Seiko Solutions SkyBridge MB-A100/A110 is an LTE-compatible IoT router from Seiko Solutions, Japan. A security vulnerability exists in the Seiko Solutions SkyBridge MB-A100/A110 v4.2.0 and earlier, which is caused by a command injection in the Ping parameter in pingexec.cgi...
CVE-2021-42052
creationtimestamp| type| source ---|---|--- 2022-08-17 02:39:29+00:00| seen| https://t.me/cibsecurity/48268...