43 matches found
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Summary: An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks. Details: SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...
PUB-A-422442679
In ssDecodeLcsAssistDataReqMsgvoid of ssLcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-63288
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service...
EUVD-2015-5357
Malware in sbrugna...
CVE-2021-35074
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
UBUNTU-CVE-2024-42861
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...
Callback Widget Cross-Site Scripting Vulnerability
PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A cross-site scripting (XSS) vulnerability exists in PHPJabbers Callback Widget version v1.0, in the value-text-osmsemailrequestmessage parameter of index.php...
PT-2023-25530 · Phpjabbers · Phpjabbers Callback Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0. Description: There is a Cross Site Scripting (XSS) issue in the value-text-o sms email request message parameters of index.php. This allows for potential malicious script execution. Recommendations: For...
CVE-2022-40536
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network...
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...
CVE-2022-33264 Stack-based buffer overflow in Modem
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...
Brave Android 1.45.127 Security Fixes
Fixed misleading signing request message in Brave Wallet...
Integer overflow
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
Input Validation Error Vulnerability in Multiple Qualcomm Products
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits, primarily semiconductor devices but also passive components, and is manufactured on the surface of semiconductor wafers. An input validation error vulnerability exists in...
Schneider Electric Quantum Ethernet Module Improper Authentication (CVE-2011-4860)
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device aka the Quantum 140NOE771 module generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a ...
CVE-2020-23539
An issue was discovered in Realtek rtl8723de BLE Stack = 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECTREQ message...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
CVE-2017-8194
The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by sending a crafted REST message...