PT-2024-29905 · Sap · Sap Rfc Function Module

Name of the Vulnerable Software and Affected Versions: SAP RFC function module affected versions not specified Description: The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This issue could be utilized to identify usernames and access...

PT-2024-9683 · Solarwinds · Solarwinds Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform affected versions not specified Description: The issue is related to a lack of protection for the web page structure in the Search/Node Information Section component of the SolarWinds Platform user interface. This allows a...

CVE-2022-23235

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when...

PT-2022-9073 · Zooz +2 · Zooz Zst10 +4

Name of the Vulnerable Software and Affected Versions: ZooZ ZST10 version 6.04 ZooZ ZEN20 version 5.03 ZooZ ZEN25 version 5.03 Aeon Labs ZW090-A version 3.95 Fibaro FGWPB-111 version 4.3 Description: Z-Wave devices based on Silicon Labs 500 series chipsets using S2 are susceptible to denial of...

SROS 2 Information Disclosure Vulnerability

SROS 2 is a tool for generating and distributing SROS keys. SROS 2 suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to disclose information about the nodes associated with ROS 2...

DEBIAN-CVE-2019-12615

An issue was discovered in getvdevportnodeinfo in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdupconst of nodeinfo-vdevport.name, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash...

Information Disclosure

openstack-ironic is vulnerable to information disclosure. An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bar...

CVE-2016-4985

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...

IPv6 toolkit

A security assessment and troubleshooting tool for the IPv6 protocols The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shoting tools, that can send arbitrary IPv6-based packets. IPv6 toolkit: List of Tools addr6: An IPv6 address analysis and manipulation tool. flow6: A tool to...

SA-CONTRIB-2013-096 - Entity reference - Access bypass

By default, with an autoselect or a select widget, a user cannot autocomplete an entity title, nor can they select an entity that they have no access to. This will correctly throw a 'invalid id' error and does not show the title of the entity. However, if a user A that has access to the reference...

ipv6-node-info NSE Script

Obtains hostnames, IPv4 and IPv6 addresses through IPv6 Node Information Queries. IPv6 Node Information Queries are defined in RFC 4620. There are three useful types of queries: qtype=2: Node Name qtype=3: Node Addresses qtype=4: IPv4 Addresses Some operating systems Mac OS X and OpenBSD return...

CVE-2010-2362

Winny 2.0b7.1 and earlier does not properly process node information, which has unspecified impact and remote attack vectors that might lead to use of the product's host for DDoS attacks...

Winny node information processing vulnerability

Overview Winny contains a vulnerability in the processing of node information. Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Fuyumasa Takatsu of University of...

JVN#25393522: Winny node information processing vulnerability

Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service DDoS attacks. Impact A user may take part in a DDoS attack by a remote attacker. Solution Do not use Winny Please discontinue use o...

ICMP Node Information Query Information Disclosure

The remote host answers to an ICMPv6 Node Information Query and responds with its DNS name, the list of IPv4 addresses and the list of IPv6 addresses to which it is bound. An attacker can use this information to understand how the network is architected, which may help him bypass filters. TRUSTED...

Information disclosure

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query...

CVE-2007-4688

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query...