1740 matches found

OSV
added 2023/04/04 5:15 p.m., 1 view

CVE-2023-1750

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information...

7.1 CVSS, 7.1 AI score
Exploits 0, References 1

Prion
added 2023/03/29 9:15 p.m., 13 views

Buffer overflow

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to...

6.5 CVSS, 8.8 AI score, 0.00391 EPSS
Exploits 0, References 1, Affected Software 2

Cvelist
added 2023/03/29 8:13 p.m., 15 views

CVE-2023-28506 Stack buffer overflow in UniRPC service

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login t...

8.9 AI score, 0.00526 EPSS
Exploits 0, References 1

Cvelist
added 2023/03/27 2:50 p.m., 11 views

CVE-2023-1136

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass...

9.8 CVSS, 9.7 AI score, 0.00454 EPSS
Exploits 0, References 1

OSV
added 2023/03/23 5:15 p.m., 2 views

CVE-2023-20100

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected...

6.8 CVSS, 6.7 AI score, 0.00867 EPSS
Exploits 0, References 1

CNVD
added 2023/03/23 12:0 a.m., 7 views

answer user enumeration vulnerability

answer is an open source knowledge-based community software. A user enumeration vulnerability exists in versions of answer prior to 1.0.6, which stems from brute-force breaking of a valid email account in the login portal, where the time for a valid account is significantly higher than the time f...

5.3 CVSS, 6.5 AI score, 0.0022 EPSS
Exploits 1, References 1

NVD
added 2023/03/21 11:15 p.m., 10 views

CVE-2022-46300

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5 CVSS, 5.2 AI score, 0.00977 EPSS
Exploits 0, References 1

Cvelist
added 2023/03/21 10:24 p.m., 15 views

CVE-2022-45468

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5 AI score, 0.00344 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/03/21 10:24 p.m., 5 views

CVE-2022-45468

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

6.7 AI score, 0.00344 EPSS
Exploits 0, References 1

CNNVD
added 2023/03/21 12:0 a.m., 2 views

answer security vulnerability

answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.6. The vulnerability stems from the fact that the application will respond with an account that cannot be found if an invalid account is used. In the case...

5.3 CVSS, 6.2 AI score, 0.0022 EPSS
Exploits 1, References 3

Tenable Nessus
added 2023/03/21 12:0 a.m., 45 views

Tridium Niagara AX Path Traversal (CVE-2012-4701)

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature. This plugin only works with Tenable.ot. Please visit...

9.3 CVSS, 5.9 AI score, 0.00829 EPSS
Exploits 0, References 3

Veracode
added 2023/03/08 7:32 a.m., 11 views

Observable Response Discrepancy

vantage6server is vulnerable to Observable Response Discrepancy. The vulnerability exists because the login requirement is not properly implemented which allows an attacker to brute force password and observe a valid username response...

6.5 CVSS, 6.3 AI score, 0.0028 EPSS
Exploits 0, References 4, Affected Software 1

SUSE CVE
added 2023/02/28 3:27 a.m., 1 view

SUSE CVE-2023-26605

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid...

7.8 CVSS, 6.6 AI score, 0.00141 EPSS
Exploits 1, References 3

OSV
added 2023/02/26 11:15 p.m., 1 view

DEBIAN-CVE-2023-26605

In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid...

7.8 CVSS, 6.6 AI score, 0.00141 EPSS
Exploits 1, References 1

Huntr
added 2023/02/21 10:3 p.m., 24 views

Observable Response Discrepancy in Password Reset Functionality

The password reset functionality leaks information pertaining to user accounts. Where an invalid account is utilized, the application responds that the account could not be found. Where an account is valid, the application responds with a reason "base.success" when intercepted, or that...

5 CVSS, 5.5 AI score, 0.0022 EPSS
Exploits 1, References 1

F5 Networks
added 2023/02/21 7:51 p.m., 47 views

K16937: OpenSSL vulnerability CVE-2015-1793

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof ...

6.5 CVSS, 6.5 AI score, 0.76449 EPSS
Exploits 6

F5 Networks
added 2023/02/21 6:48 p.m., 34 views

K22317030: iControl REST vulnerability CVE-2017-6145

iControl REST includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens...

7.5 CVSS, 7.7 AI score, 0.00365 EPSS
Exploits 0, Affected Software 10

F5 Networks
added 2023/02/21 6:30 p.m., 32 views

K15493: OpenSSH vulnerability CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid one...

2.6 CVSS, 5.8 AI score, 0.56627 EPSS
Exploits 9

SUSE CVE
added 2023/02/15 6:21 a.m., 3 views

SUSE CVE-2003-0190

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5 CVSS, 8 AI score, 0.20579 EPSS
Exploits 10, References 7

SUSE CVE
added 2023/02/15 6:12 a.m., 3 views

SUSE CVE-2007-1561

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address...

7.8 CVSS, 6.8 AI score, 0.20671 EPSS
Exploits 0, References 4