15 matches found
EUVD-2020-18492
Malware in sbrugna...
EUVD-2020-18491
Malware in sbrugna...
EUVD-2022-37727
Malicious code in bioql PyPI...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
CVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2, SCALANCE M804PB 6GK5804-0AP00-2AA2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2, SCALANCE M812-1 ADSL-Router 6GK5812-1BA00-2AA2, SCALANCE M816-1 ADSL-Router...
Zyxel Firewalls Under Attack! Urgent Patching Required
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buff...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
Design/Logic Flaw
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
Design/Logic Flaw
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
CVE-2020-25859
CVE-2020-25859 concerns the QCMAP_CLI utility in Qualcomm QCMAP, where handling SetGatewayUrl() can invoke system() without input validation. This allows a local attacker with shell access to pass shell metacharacters and execute arbitrary commands. If QCMAP_CLI runs with sudo or setuid, privileg...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25858
CVE-2020-25858 affects the Qualcomm QCMAP Web UI. The issue lies in the QCMAP_Web_CLIENT binary where the Tokenizer() function does not validate the return values of strstr() or strchr(). This can let an attacker supply a crafted URL via the web interface that crashes the process, resulting in a ...