Design/Logic Flaw

A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality...

CVE-2021-21959

A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality...

CVE-2021-21961

CVE-2021-21961 affects Sealevel Systems SeaConnect 370W v1.3.34, impacting the NBNS and LLMNR name-resolution paths. The Talos report documents two stack-based buffer overflows in the parsing of queried names, each copying a length-controlled payload into a fixed 32-byte buffer without proper bou...

CVE-2021-21960

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

GitLab Enterprise Edition 访问控制错误漏洞

GitLab Enterprise Edition is a content management system. An Access Control Error vulnerability exists in GitLab Enterprise Edition and Gitlab Community Edition that stems from improperly restricted access. When a remote authenticated attacker is linked to an item in the vulnerability indicator...

CVE-2021-41840

An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere...

Code injection

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere...

generateFLNQuote() can be used to prevent migration()

Handle GeekyLumberjack Vulnerability details Impact generateFLNQuote can be used to always cause migrate to revert. Effectively ending one of Behodler's main function's operability. Migration is core to Behodler economics. Proof of Concept 1. Attacker would write a script to call generateFLNQuote...

Sealevel Systems, Inc. SeaConnect 370W Web Server information disclosure vulnerability

Summary An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger...

SUSE SLES15 Security Update : kernel (Live Patch 20 for SLE 15 SP2) (SUSE-SU-2022:0238-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0238-1 advisory. - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CASENDMSG ioctl. This fla...

SUSE SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:0239-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2022:0239-1 advisory. - A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context functionality of the Linux kernel...

CVE-2021-44413

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. AddUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

Cross site request forgery (csrf)

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. Search param is not object. An attacker can send an HTTP request to trigger this vulnerability...

Code injection

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVE-2021-44364

CVE-2021-44364 affects the Reolink RLC-410W under vendor firmware version 3.0.0.136_20121102. The DoS arises from the cgiserver.cgi JSON command parser: a specially crafted HTTP body that uses a JSON array can trigger an assertion in the parser when a param is not an object, potentially killing t...

CVE-2021-40413

An incorrect default permission vulnerability exists in the cgiserver.cgi cgicheckability functionality of reolink RLC-410W v3.0.0.13620121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be...

CVE-2022-21217

An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability...