HP LaserJet Printers Insecure Default Initialization of Resource (CVE-2011-4161)

The default configuration of the HP CM8060 Color MFP with Edgeline; Color LaserJet 3xxx, 4xxx, 5550, 9500, CMxxxx, CPxxxx, and Enterprise CPxxxx; Digital Sender 9200c and 9250c; LaserJet 4xxx, 5200, 90xx, Mxxxx, and Pxxxx; and LaserJet Enterprise 500 color M551, 600, M4555 MFP, and P3015 enables...

Generex UPS Adapter CS141 Unrestricted Upload of File with Dangerous Type (CVE-2022-47191)

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

EUVD-2011-4104

Malware in sbrugna...

EUVD-2021-29731

Malicious code in bioql PyPI...

EUVD-2021-29730

Malicious code in bioql PyPI...

CVE-2021-42774

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In...

CVE-2021-42775

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...

CVE-2020-27692

The Relish Verve Connect VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings responsible for managing devices remotely. This makes it possibl...

CVE-2020-35801

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. A TFTP server was found to be active by default. It allows remote authenticated users to...

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

The vulnerability of Microprogrammed Software for Power Measurement and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 arises from loading code without verifying its integrity. This allows a malicious actor to alter the firmware version with administrator privileges.

The vulnerability of Microprogrammed Software for Power Measurement Devices and Energy Meters from Schneider Electric’s PowerLogic ION8650 and PowerLogic ION8800 lies in the fact that code can be loaded without checking its integrity. Exploiting this vulnerability could allow an attacker to...

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to cause a service failure.

The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to cause service failure by loading arbitrary firmware files remotely...

CVE-2021-30028

SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials the admin password for the admin account to access the TELNET service, allowing attackers to erase/read/write the firmware remotely...

PT-2022-9947 · Sooteway · Sooteway Wi-Fi Range Extender

Name of the Vulnerable Software and Affected Versions: SOOTEWAY Wi-Fi Range Extender version 1.5 Description: The issue allows attackers to access the TELNET service using default credentials, specifically the admin password for the admin account. This access enables attackers to erase, read, or...

The vulnerability of the serial interface converter NPort IAW5250A-6I/O lies in the use of a hard-coded cryptographic key, which allows a hacker to modify the device’s firmware.

The vulnerability of the NPort IAW5250A-6I/O serial interface converter is related to the use of a rigidly encoded cryptographic key. Exploiting this vulnerability could allow an attacker to modify the device’s firmware remotely...

CVE-2021-42775

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...

CVE-2021-42774

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In...

CVE-2021-42774

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In...

Command injection

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...