893 matches found
PT-2022-20657 · Nortek Linear · Emerge E3-Series
Name of the Vulnerable Software and Affected Versions: Nortek Linear eMerge E3-Series devices versions 0.32-09c and earlier Description: The issue allows an attacker to obtain admin credentials stored in /test.txt, which can be used to open a building's doors. This occurs even when default...
UBUNTU-CVE-2022-2503
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...
Nortek Linear eMerge E3-Series Credential Disclosure
Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/...
Nortek Linear eMerge E3-Series Account Takeover
Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31798 Description...
Nortek Linear eMerge E3-Series Credential Disclosure Vulnerability
Nortek Linear eMerge E3-Series versions 0.32-07p, 0.32-07e, 0.32-07p, 0.32-08f, and 0.32-09c suffer from an administrative credential disclosure vulnerability. Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard Exploit Author: Omar Hashim Version...
Nortek Linear eMerge E3-Series Command Injection Vulnerability
Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...
Nortek Control Linear eMerge E3-Series Operating System Command Injection Vulnerability
The Nortek Control Linear eMerge E3-Series is an access control system from Nortek Control USA. It allows you to specify which doors can be used by people to enter and exit a specified location at a specified time. A security vulnerability exists in Nortek Control Linear eMerge E3-Series version 0.32-09...
Nortek Linear eMerge E3-Series Command Injection
Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection Exploit Author: Omar Hashim Version: 0.32-09c Vendor home page: https://www.nortekcontrol.com/access-control/ Vendor home page: https://linear-solutions.com/ Authentication Required: No CVE: CVE-2022-31499 POC:...
Nortek Control Linear eMerge E3-Series Trust Management Issue Vulnerability
The Nortek Control Linear eMerge E3-Series is an access control system from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in the Nortek Control Linear eMerge E3-Series, which stems fro...
Nortek Linear eMerge E3-Series Account Takeover XSS Vulnerability
Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation tied with cross site scripting can allow for account takeover. Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over Exploit Author: Omar Hashim Version: 0.32-07p Vendor home page:...
Adobe Premiere Pro memory corruption vulnerability
Adobe Premiere Pro is a non-linear video editing application from Adobe. Adobe Premiere Pro version 15.4 and earlier versions contain a security vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...
GSD-2022-1002467 veth: Ensure eth header is in skb's linear part
veth: Ensure eth header is in skb's linear part This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...
GSD-2022-1002393 veth: Ensure eth header is in skb's linear part
veth: Ensure eth header is in skb's linear part This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.276 by commit...
GSD-2022-1002169 veth: Ensure eth header is in skb's linear part
veth: Ensure eth header is in skb's linear part This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.190 by commit...
GSD-2022-1000988 veth: Ensure eth header is in skb's linear part
veth: Ensure eth header is in skb's linear part This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...
Possibility of stale and static value of VOLT for longer duration on change of ScalingPriceOracle
Lines of code Vulnerability details If there will be a need for governance action to swap out the ScalingPriceOracle that the OraclePassThrough points to, then it will have to be performed only after 15th till 30/31st of any month. This is due to two constraints viz, 1 28 days TIMEFRAME, and 2 th...
[SECURITY] Fedora 36 Update: rust-regex-1.5.5-1.fc36
Implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...
[SECURITY] Fedora 35 Update: rust-regex-1.5.5-1.fc35
Implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...
[SECURITY] Fedora 34 Update: rust-regex-1.5.5-1.fc34
Implementation of regular expressions for Rust. This implementation uses finite automata and guarantees linear time matching on all inputs...
PYSEC-2022-158
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...