Slican多款产品 安全漏洞

Slican NCP are products of the Polish company Slican. Slican NCP is an IP communication server. Slican IPx is a series of enterprise communication and IP phone switching systems. Slican CCT is also a series of enterprise communication and IP phone switching systems. Several Slican products have...

CVE-2025-62817

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session-ncphdrbuf in pilotparsingncp causes a denial of service...

CVE-2025-62817

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session-ncphdrbuf in pilotparsingncp causes a denial of service...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055 Integer underflow in Secure NCP host

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

CVE-2025-14055 Integer underflow in Secure NCP host

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet...

NCP Secure Entry Client 代码问题漏洞

NCP Secure Entry Client is a remote client connection software developed by the German company NCP. Version 9.2 of NCP Secure Entry Client contains a code vulnerability. This vulnerability stems from service paths in multiple Windows services that are not enclosed in quotes. This could allow loca...

EUVD-2019-19384

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

CVE-2019-25281 NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that...

CVE-2019-25281

CVE-2019-25281 concerns NCP Secure Entry Client 9.2. The issue is an unquoted service path vulnerability in multiple Windows services (e.g., ncprwsnt, rwsrsu, ncpclcfg, NcpSec) that can be exploited to inject and execute code with LocalSystem privileges during service startup. Exploitation is des...

PT-2026-5810

Name of the Vulnerable Software and Affected Versions NCP Secure Entry Client version 9.2 Description NCP Secure Entry Client 9.2 contains a flaw due to unquoted service paths in multiple Windows services. This allows local users to potentially execute arbitrary code. Specifically, attackers can...

CVE-2025-26155

NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability...

CVE-2025-64444

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...

NCP-HG100 vulnerable to OS command injection

Overview NCP-HG100 provided by Sony Network Communications Inc. and used in MANOMA service contains the following vulnerability. OS command injection CWE-78 - CVE-2025-64444 HIROKI IMAI of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVE-2025-64444

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...

CVE-2025-64444

CVE-2025-64444 affects NCP-HG100 (1.4.48.16 and earlier). The issue is an OS command injection due to improper neutralization of special elements in commands, allowing a remote attacker who has authenticated access to the management page to execute arbitrary OS commands with root privileges. Red ...

EUVD-2025-186560

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...

CVE-2025-64444

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...

CVE-2025-64444

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS...