3911 matches found
CVE-2023-28768
Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80ABXN.1, XMG1930-30 firmware version V4.80ACAR.1, and XS1930-10 firmware version V4.80ABQE.1 could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected...
CVE-2023-29468
The vulnerability CVE-2023-29468 affects TI WiLink WL18xx MCP driver in WILINK8-WIFI-MCP8 versions 8.5_SP3 and earlier. The root cause is that the driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID parsed in a management frame, allowing a spe...
PT-2023-4399 · Zyxel · Zyxel Xs1930-10 +2
Name of the Vulnerable Software and Affected Versions: Zyxel XGS2220-30 firmware version V4.80ABXN.1; Zyxel XMG1930-30 firmware version V4.80ACAR.1; Zyxel XS1930-10 firmware version V4.80ABQE.1. Description: The issue is related to improper frame handling in the firmware of certain Zyxel switches,...
Texas Instruments WiLink WL18xx MCP driver security vulnerability
Texas Instruments WiLink WL18xx MCP driver is a single-band combo module MCP driver from Texas Instruments. A security vulnerability exists in WILINK8-WIFI-MCP8 8.5SP3 and prior versions, which stems from the WiLink WL18xx MCP driver not limiting the number of Information Elements (IEs) of...
DEBIAN-CVE-2023-33953
gRPC contains a vulnerability in which HPACK table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the following DoS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...
Authorization Bypass
libreoffice is vulnerable to Authorization Bypasses. Improper access control in editor components allows an attacker to craft a document that would cause external links to be loaded without prompt. Documents that use floating frames linked to external files would load the contents of those...
Authentication flaw
There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packe...
Google Nest Authorization Issue Vulnerability
Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...
Cisco NX-OS Software Data Management Engine Remote Code Execution (CVE-2020-3415)
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...
timelessframes.com Cross Site Scripting vulnerability OBB-3534022
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Juniper Junos OS Vulnerability (JSA11134)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11134 advisory. - In Juniper Networks Junos OS Evolved, receipt of a stream of specific genuine Layer 2 frames may cause the Advanced Forwarding Toolkit (AFT) manager process Evo-aftmand,...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Arbitrary Code Execution
restrictedpython is vulnerable to Arbitrary Code Execution. The vulnerability exists because it does not properly restrict access to stack frames and attributes which allows an attacker to access the RestrictedPython environment and create code that receives the current stack frame from a...
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
Default configuration
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
UBUNTU-CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
PYSEC-2023-118
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
CVE-2023-37271
CVE-2023-37271 concerns RestrictedPython, a tool for sandboxing Python code. The vulnerability arises because RestrictedPython does not sanitize access to stack frames, allowing code inside generators/generator expressions to access the current stack frame and walk the stack beyond the sandbox bo...