26 matches found
False Security Confidence in Benign LLM Code Generation
Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...
CVE-2017-14743
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...
CLSA-2024-1705494763 kernel: Fix of 13 CVEs
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb CVE-2023-40283 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet CVE-2023-6932 - smb: client: fix OOB in smbCalcSize CVE-2023-6606 - net/sched: sch_hfsc: Ensure inner classes have fsc curve CVE-2023-4623 - net/sched: cls_fw:...
fsc-ccf.ca Cross Site Scripting vulnerability OBB-3813377
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CLSA-2023-1698248409 Fix of 6 CVEs
CVE-2023-42752 // CVE-url: https://ubuntu.com/security/CVE-2023-42752 - igmp: limit igmpv3_newpack packet size to IP_MAX_MTU CVE-2023-4623 // CVE-url: https://ubuntu.com/security/CVE-2023-4623 - net/sched: sch_hfsc: Ensure inner classes have fsc curve CVE-2023-34319 // CVE-url:...
SUSE CVE-2016-4441
The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command...
CVE-2022-30315
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell...
CVE-2022-30315
CVE-2022-30315 affects Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06. The vulnerability stems from the unauthenticated Safety Builder protocol used to download control logic (block-by-block FLD code) to the CPU module, with no cryptographic authentication or memory protect...
pasadenafsc.com Improper Access Control vulnerability OBB-2204881
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fsc-ccf.ca Cross Site Scripting vulnerability OBB-2145486
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
fsc-watch.org Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1144409 Security Researcher Hchabik, a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting fsc-watch.org website and i...
fsc-tambov.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1112193 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
openSUSE: Security Advisory for kernel (openSUSE-SU-2018:2118-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
fsc-paper.de XSS vulnerability
Open Bug Bounty ID: OBB-605733

Description | Value
---|---
Affected Website: | fsc-paper.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2017-15288
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/$USER:shared/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. Mitigati...
Scala 2.x Privilege Escalation Vulnerability
Scala versions 2.1.6 through 2.10.6, 2.11.0 through 2.11.11, and 2.12.0 through 2.12.3 suffer from a privilege escalation vulnerability. A privilege escalation vulnerability has been identified in the Scala compilation daemon. The compile daemon is started explicitly by the fsc command, or...
Faleemi FSC-880 CSRF / SQL Injection / Command Execution Vulnerabilities
Faleemi FSC-880 suffers from command execution, cross site request forgery, remote SQL injection, and various other vulnerabilities. Full disclosure is here: https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce === Timeline: 25 August 2017: the research was...
Faleemi FSC-880 CSRF / SQL Injection / Command Execution
Full disclosure is here: https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce === Timeline: 25 August 2017: the research was made 29 August 2017: an email was sent to the vendor, but with no answer 25 September 2017: public disclosure 26 September 2017:...