68 matches found
D-Link DIR-816 A2 缓冲区错误漏洞
The D-Link DIR-816 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DIR-816 A2v1.10CNB04 firmware version suffers from a buffer overflow vulnerability that originates from a boundary error in the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip when processing untrusted...
pershingcountynv.gov Cross Site Scripting vulnerability OBB-2454127
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nv-leasing.de Improper Access Control vulnerability OBB-2412113
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-11177
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...
Input validation
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...
CVE-2020-11177
CVE-2020-11177 affects Qualcomm closed‑source components in Snapdragon devices (Auto/Compute/Connectivity/IOT/Wearables, etc.). The issue arises from improper validation of the SPC code setting and device lock, allowing a local attacker to overwrite the Security Code NV item without current SPC b...
leg.state.nv.us Cross Site Scripting vulnerability OBB-1477649
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Fedora 33 : tpm2-tss (2020-1d3fcce2a3)
tpm2-tss 3.0.1 changed or fixed : Fix CVE-2020-24455 FAPI PolicyPCR not instatiating correctly Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that ommits PCR checks. All these objects have to be...
Fedora 32 : tpm2-tss (2020-bb8e3c5548)
tpm2-tss 2.4.3 changed or fixed : Fix CVE-2020-24455 FAPI PolicyPCR not instatiating correctly Note that all TPM object created with a PolicyPCR with the currentPcrs and currentPcrsAndBank options have been created with an incorrect policy that ommits PCR checks. All these objects have to be...
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Fifthplay S.A.M.I 2019.2HP - Persistent Cross-Site Scripting Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2HP Tested on: Linux CVE : - Fifthplay S.A.M.I - Service...
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
Exploit Title: Fifthplay S.A.M.I 2019.2HP - Persistent Cross-Site Scripting Date: 2020-01-29 Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2HP Tested on: Linux CVE : - Fifthplay S.A.M.I - Service And Management Interface Unauthenticated...
openSUSE: Security Advisory for singularity (openSUSE-SU-2018:3316-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Command injection
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in method: notifySpaceModification; that can result in Improper validation ...
CVE-2018-1000666
GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in method: notifySpaceModification; that can result in Improper validation ...
CVE-2018-1000666
CVE-2018-1000666 affects GIG Technology NV JumpScale Portal 7. The vulnerability is an OS Command Injection (CWE-78) in the notifySpaceModification method, arising from improper neutralization/validation of input parameters, allowing command execution. According to sources, the issue is exploitab...
Man-in-the-Middle (MitM)
nv-websocket-client is vulnerable to man-in-the-middle MitM attacks. The library accepts a trusted certificate issued to domain A when connecting to domain B, allowing a malicious user to conduct a man-in-the-middle attack...
Option CloudGate Insecure Direct Object Reference Auth Bypass
Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...
Option CloudGate Insecure Direct Object References Authorization Bypass
Summary The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major us cellular operators CDMA/EV-DO and WCDMA/HSPA+. The CloudGate is simple to configure locally or remotely from your PC, tablet or...
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability Vendor: Gemalto NV | SafeNet, Inc Product web page: http://www.gemalto.com | http://www.safenet-inc.com Affected version: 18.0.1.55505 Summary: The Sentinel License Manager enforces and manages licensing in multi-user...