CVE-2023-29241

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...

CVE-2024-4007 Hard coded default credential contained in install package

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured...

CVE-2023-29241

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...

CVE-2023-29241

Improper Information in Cybersecurity Guidebook in Bosch Building Integration System BIS 5.0 may lead to wrong configuration which allows local users to access data via network...

curl: CVE-2021-22897: schannel cipher selection surprise

Summary: Commit "schannel: support selecting ciphers" added support for selecting the ciphers with SCHANNEL. However, due to use of a static algIds array for ciphers in setsslciphers the last configured cipher list will override configuration used by other connections, leading to potential wrong...

CVE-2020-25966

Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. NOTE: The vendo...

Qulture.Rocks: Privilege escalation from member user ( editor ) to admin user

Qulture.Rocks has multiple levels of admins, where you could manage parts of the application. One of those levels had a wrong configuration, which did not blocked it from updating its level to a higher one. Our team worked rapidly to fix this issue, blocking said level of updating itself...