2881 matches found
CVE-2022-20341
In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-37206
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 All versions V8.80, SIPROTEC 5 relays with CPU variants CP100 All versions V8.80, SIPROTEC 5 relays with CPU variants CP300 All versions V8.80. Received webpackets are not properly processed. An unauthenticated remot...
CVE-2021-30298
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wire...
CVE-2021-22403
There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...
CVE-2021-30266
Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...
CVE-2020-26110
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces SEC-564...
CVE-2020-14126
Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information...
CVE-2020-14114
information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information...
CVE-2020-14130
Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...
CVE-2020-5881
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition VE is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer NDAL Interfaces can lock up and in turn disrupting the communicatio...
CVE-2017-18472
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces SEC-198...
The vulnerability of the AES-128-CCM encryption algorithm in the operating system PAN-OS of network interfaces from Palo Alto Networks, including models PA-7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400, allows attackers to disclose confidential information.
The vulnerability of the AES-128-CCM encryption algorithm in the networking interfaces of the PAN-OS operating system of Palo Alto Networks’ devices such as PA-7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400 relates to the transmission of confidential information in plaintext. Exploiting th...
Introducing Linode Interfaces: Better Network Management (Open Beta)
Join the beta for Linode Interfaces, a new network management tool offering clearer configurations, better security, and smarter routing...
Moderate: iptraf-ng security update
IPTraf-ng is a console-based network monitoring utility which includes an IP traffic monitor, a TCP and UDP service monitor, and a LAN statistics module. It supports Ethernet, FDDI, ISDN, SLIP, PPP, and loopback interfaces as well as the built-in raw socket interface of the Linux kernel. Security...
SUSE CVE-2022-49844
In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 "can: skb: drop tx skb if in listen only mode" the priv-ctrlmode element is read even on virtual CAN interfaces that do not create the struct canpriv at startup. This...
The software of the centralized backup and disaster recovery system of Dell PowerProtect Data Manager is vulnerable due to errors in the use of privileged application programming interfaces (APIs). This vulnerability allows a malicious individual to escalate their privileges.
The vulnerability of the software for centralized backup and disaster recovery management in Dell PowerProtect Data Manager is related to errors when privileged application programming interfaces are used. Exploiting this vulnerability can allow an attacker to gain increased privileges...
VulnCheck KEV: CVE-2024-57049
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung mobile applications. SAMSUNG SMR suffers from a security vulnerability that stems from mishandling of insufficient privileges, which could lead to the use of privileged APIs by a...
Bind Network Interfaces to the Correct Zones
Different filtering policies can be configured for different firewall zones. If the server network is complex and has multiple interfaces that provide different service functions, it is recommended that interfaces be configured in different zones and different firewall policies be configured. For...
Configure the nftables Policies for Loopback Properly
The loopback address 127.0.0.0/8 is a special address on a server. It is irrelevant to NICs and is mainly used for the inter-process communication of a local device. Packets with the source address 127.0.0.0/8 from NICs should be discarded. If policies related to the loopback address are improper...