CVE-2021-37584

CVE-2021-37584 affects MediaTek chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 used in NETGEAR devices (and others) and is caused by mishandling the WPS protocol, leading to an out-of-bounds write. The affected software version is 7.4.0.0. Severity is hig...

CVE-2021-37563

CVE-2021-37563 affects MediaTek-based chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 used in NETGEAR devices (and others). The vulnerability stems from mishandling of the WPS protocol, resulting in an out-of-bounds write. Affected software version: 7.4.0....

CVE-2021-32467

CVE-2021-32467 affects MediaTek chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 used in NETGEAR devices. Root cause: mishandling of the WPS protocol leading to an out-of-bounds read. Affected software version: 7.4.0.0. Impact per CVSS-3.1: availability imp...

CVE-2021-32468

MediaTek WPS handling in NETGEAR devices enables an out-of-bounds read due to buggy chip firmware. Affected chipsets: MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Version: 7.4.0.0. The CVE is documented with out-of-bounds read as the core flaw...

CVE-2021-32469

CVE-2021-32469 concerns MediaTek Wi‑Fi WPS handling in NETGEAR devices and other products. Affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915, with reported out‑of‑bounds read in the WPS process. The vulnerability is tied to the way WPS i...

MediaTek 芯片缓冲区错误漏洞

MediaTek chips are a variety of chips from MediaTek, a Chinese company called Mediatek. The MediaTek chips contain a security vulnerability that stems from the chips incorrectly handling the WPS Wi-Fi Protected Setup protocol when running on NETGEAR 21-11-11 device models and other devices...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell POC CVE-2021-44228 The scope of this repository i...

PT-2021-24225 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: The issue allows malicious users to cause a denial of service due to an invalid memory address dereference. This can be achieved via a crafted file in the MP4Box command, specifically exploiting the gf dump set...

GPAC 资源管理错误漏洞

GPAC is an open source multimedia framework. gfdumpsetup function in GPAC version 1.0.1 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service with the help of a specially crafted MP4Box command...

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. Recent assessments: Assessed Attacker Value: 0...

OPENSUSE-SU-2021:1595-1 Security update for barrier

This update for barrier fixes the following issues: Updated to version 2.4.0: Barrier now supports client identity verification fixes CVE-2021-42072, CVE-2021-42073. Previously a malicious client could connect to Barrier server without any authentication and send application-level messages. This...

postgresql: server processes unencrypted bytes from man-in-the-middle

It was found that a PostgreSQL server could accept plain text data during the establishment of an SSL connection. When a user is requesting a certificate based authentication, an active Person in the Middle could use this flaw in order to inject arbitrary SQL commands...

Security Bulletin:TLS Protocol 64-bit Cipher Vulnerability in Multiple N series Products (CVE-2016-2183)

Summary Multiple N series products utilize the TLS protocol. Any system using the TLS protocol with 64-bit block ciphers that are used in long running connections are vulnerable to a birthday attack referred to as SWEET32. When exploited, the vulnerability may lead to the unauthorized disclosure ...

Security Bulletin: Vulnerability in SSLv3 affects Multiple N series products (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in N series products. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain sensitive...

CVE-2021-43237

Windows Setup Elevation of Privilege Vulnerability...

CVE-2021-43237

Windows Setup Elevation of Privilege Vulnerability...

CVE-2021-43237 Windows Setup Elevation of Privilege Vulnerability

...

CVE-2021-43237

CVE-2021-43237 is a Windows Setup Elevation of Privilege vulnerability. Affected: Windows setup components (local vector). Impact per CVSS: high confidentiality, integrity, and availability; local, low/medium complexity with low privileges required (per CVSS 3.1) and user interaction may be requi...

Windows Setup Elevation of Privilege Vulnerability

...

KLA12387 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in...