344 matches found
CVE-2023-39287
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 22.24.5800.0 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit...
Input validation
Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...
libcap 输入验证错误漏洞
libcap is a package of network data capture functions from the individual developer Michael Kerrisk. A security vulnerability exists in libcap, which stems from an integer overflow that can occur if the input string is close to 4GiB...
Stimulsoft GmbH Stimulsoft Designer 代码问题漏洞
Stimulsoft GmbH Stimulsoft Designer is a robust product from Stimulsoft that runs on any computer and any platform. Engine, report designer and viewer for generating reports and analyzing data. A security vulnerability exists in Stimulsoft Designer Web version 2023.1.3, which stems fromThe...
The vulnerability of the PowerScale OneFS operating systems is related to weak password cryptography for NDMP. This allows attackers to gain full control over the system.
The vulnerability of the PowerScale OneFS operating system is related to the weak cryptography used for NDMP password protection. Exploiting this vulnerability could allow an attacker to gain full control over the system...
SUSE CVE-2007-2446
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...
SUSE CVE-2015-5825
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...
SUSE CVE-2021-45104
An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data...
REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations
REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...
Apache Commons Net 输入验证错误漏洞
Apache Commons Net is the United States Apache Apache company a library. It implements many of the basic Internet Protocol clients. An input validation error vulnerability exists in Apache Commons Net versions prior to 3.9.0, which stems from the fact that the Net's FTP client trusts a host from ...
PT-2022-6324 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.4.x Description: The issue is related to a weak encoding for a NDMP password in Dell PowerScale OneFS. A malicious and privileged local attacker could potentially exploit this, leading to a full...
CVE-2022-20399
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20399
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
Information disclosure
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-20399
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2022-38100 Contec Health CMS8000
The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. A threat actor with network access can remotely issue a specially formatted UDP request that will cause the entire device to crash and require a physical reboot. A UDP broadcast request could be sent...
PT-2022-14625 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to the SEPolicy configuration of system apps, which allows access to the 'ip' utility due to an insecure default value. This could lead to local information disclosure of network data without...
CVE-2022-38701
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information...
PT-2022-24536 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 3.1.2 Description: The issue is a heap overflow vulnerability that can be triggered by local attackers, allowing them to obtain network sensitive information. Recommendations: For OpenHarmony versions prior to...
OpenHarmony 缓冲区错误漏洞
OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony v3.1.2 and earlier versions, which stems from the presence of a heap overflow vulnerability that could allow a local attacker to trigger a...