737 matches found
PT-2021-7827 · Unknown · Capital Embedded Ar Classic R20-11 +1
Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions prior to V2303 Description: A Denial-of-Service condition can occur due to the DHCP client application not validating the length of the Vendor option...
prestonursing.co.uk Improper Access Control vulnerability OBB-2229679
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2021-13733 · Sma100 · Sma100
Name of the Vulnerable Software and Affected Versions: SonicWall SMA 100 series appliances SonicWall SMA 200 SonicWall SMA 210 SonicWall SMA 400 SonicWall SMA 410 SonicWall SMA 500v versions prior to the fixed version Description: A command injection vulnerability exists in the web management...
Large Validator Sets/Rapid Validator Set Updates May Freeze the Bridge or Relayers
Handle nascent Vulnerability details In a similar vein to "Freeze The Bridge Via Large ERC20 Names/Symbols/Denoms", a sufficiently large validator set or sufficiently rapid validator update could cause both the ethoraclemainloop and relayermainloop to fall into a state of perpetual errors. In...
PT-2021-15923 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress plugin versions through 3.7.2 Description: The issue arises from the proid GET parameter not being properly sanitized, escaped, or validated before being inserted into a SQL statement. This leads to SQL injection. Recommendations: F...
CVE-2021-34473
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: gwillcox-r7 at July 14, 2021 5:15pm UTC reported: From https://blog.talosintelligence.com/2021/07/microsoft-patch-tuesday-for-july-2021.html there was a note that this vulnerability seems to have been used in some...
Exploit for CVE-2021-34527
PoC exploit for CVE-2021-34527, a critical vulnerability in the...
PT-2020-6391
Name of the Vulnerable Software and Affected Versions SonicOS versions 6.0.5.3 and earlier SonicOS versions 6.5.1.11-4n and earlier SonicOS versions 6.5.4.7-79n and earlier SonicOSv versions 6.5.4.4-44v-21-794 and earlier SonicOS version 7.0.0.0-1 Description A buffer overflow vulnerability in...
autoduder.com Cross Site Scripting vulnerability OBB-1283944
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
PT-2022-2183 · Pjsip +3 · Pjsip +3
Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.11.1 and prior Description: The issue is related to a potential out-of-bound read access when parsing an incoming SIP message that contains a malformed multipart. This affects all PJSIP users that accept SIP multipart. The...
PT-2020-3016 · Vmware · Vmware Esxi +2
Name of the Vulnerable Software and Affected Versions: VMware ESXi versions 7.0 before ESXi 7.0.0-1.20.16321839 VMware ESXi versions 6.7 before ESXi670-202006401-SG VMware ESXi versions 6.5 before ESXi650-202005401-SG VMware Workstation versions 15.x before 15.5.2 VMware Fusion versions 11.x befo...
PT-2020-2501 · Oracle · Oracle Weblogic Server
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.4.0 Description: The issue is related to insufficient access control in the Core component of Oracle WebLogic Server, allowing an unauthenticated attacker with network access via IIOP...
PT-2020-2265 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to an unlimit...
PT-2020-1466
Name of the Vulnerable Software and Affected Versions Java SE versions 7u241, 8u231, 11.0.5, and 13.0.1 Java SE Embedded version 8u231 Description The issue is related to the Networking component and can be exploited by an unauthenticated attacker with network access via multiple protocols,...
PT-2020-1289
Name of the Vulnerable Software and Affected Versions Windows CryptoAPI Crypt32.dll versions prior to the fixed version Description A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by...
PT-2019-14599 · Intel +2 · Opencv +2
Name of the Vulnerable Software and Affected Versions: OpenCV version 4.1.1 Description: The issue is related to an out-of-bounds read in the hal baseline::v load function located in core/hal/intrin sse.hpp, which is called from computeSSDMeanNorm in modules/video/src/dis flow.cpp. Recommendation...
PT-2019-2724 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to errors in handling objects in memory by the Win32k component of the Windows operating system. This can allow an attacker to execute arbitrary code in kernel mode...
PT-2019-8761 · Moxa · Moxa Awk-3121
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3121 version 1.14 Description: An issue was discovered where the device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. This allows an attacker to sniff the traffic passing between the...
PT-2019-2293 · Cisco · Cisco Nx-Os +2
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Cisco NX-OS Software affected versions not specified Description: The issue is related to incomplete role-based access control RBAC verification in the implementation of a CLI diagnostic...
CVE-2017-15841
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SnapdragonHighMed2016...