Lucene search
K
Bdu FstecMost viewed

90509 matches found

BDU FSTEC
BDU FSTEC
added 2023/08/03 12:0 a.m.10 views

The vulnerability of the formWriteFacMac function in the Tenda AC10 router software allows a hacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function in the Tenda AC10 router software lies in the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the mac parameter...

10CVSS8.2AI score0.02446EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/03 12:0 a.m.10 views

The vulnerability of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus arises due to the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out XSS attacks.

The vulnerability of the Windows Active Directory AD management and reporting software Zoho ManageEngine ADAudit Plus exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

5.5CVSS5.8AI score0.01875EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/02 12:0 a.m.10 views

The vulnerability of the Manage Journal Entry Template component of the SAP S/4HANA software platform allows a malicious individual to gain access to read, modify, or delete files.

The vulnerability of the Manage Journal Entry Template component of the SAP S/4HANA software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files...

6.5CVSS7.2AI score0.0032EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/08/02 12:0 a.m.10 views

The vulnerability of the kernel of iOS, iPadOS, and macOS allows a perpetrator to execute arbitrary code with elevated privileges.

The vulnerability of the kernel of iOS, iPadOS, and macOS lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...

7.8CVSS8AI score0.00176EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/08/02 12:0 a.m.10 views

The vulnerability of the phpcgi_main function in the D-Link DIR-895 router’s microprogramming system allows a hacker to increase their privileges.

The vulnerability of the phpcgimain function in the D-Link DIR-895 router’s microprogramming system is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

7.5CVSS7.7AI score0.00976EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/08/02 12:0 a.m.10 views

The software of Cobalt Ashlar-Vellum has vulnerabilities that allow a hacker to execute arbitrary code.

The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to an error in the analysis of AR files. Exploiting this vulnerability can allow attackers to execute arbitrary code...

7.8CVSS7.5AI score0.00399EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/27 12:0 a.m.10 views

The vulnerabilities of the Winbox interface and the HTTP interface of the RouterOS operating system of MikroTik allow attackers to elevate their privileges to the level of Super Admin.

The vulnerability of the Winbox and HTTP interfaces of the RouterOS operating system in MikroTik devices is related to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of Super Admin...

9.1CVSS7.5AI score0.01313EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/24 12:0 a.m.10 views

The vulnerability of the `ksmbd_verify_smb_message()` function in the `fs/smb/server/smb_common.c` file of the KSMBD file system of the Linux operating system allows a attacker to access protected information or cause service failures.

The vulnerability of the ksmbdverifysmbmessage function in the fs/smb/server/smbcommon.c file of the KSMBD file system in the Linux operating system is related to the lack of control over the request identifier. Exploiting this vulnerability could allow a remote attacker to access protected...

9.4CVSS6.6AI score0.01059EPSS
Exploits0References21Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/24 12:0 a.m.10 views

The vulnerability of the set_con2fb_map() function in the drivers/video/fbdev/core/fbcon.c file of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the setcon2fbmap function in the drivers/video/fbdev/core/fbcon.c file of the Linux kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.4AI score0.0018EPSS
Exploits0References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/21 12:0 a.m.10 views

The vulnerability of the microprogramming software for Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, and 1756-EN4TRXT controllers from the Allen-Bradley ControlLogix series allows a hacker to execute arbitrary code.

The vulnerability of the microprogrammed software for Rockwell Automation communication modules 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK, 1756-EN4TR, 1756-EN4TRK, and 1756-EN4TR...

10CVSS8.8AI score0.04965EPSS
Exploits0References4Affected Software37
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to access to resources through incompatible types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8AI score0.00938EPSS
Exploits0References10Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of D-Link DSL-G256DG router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to execute arbitrary commands.

The vulnerability of D-Link DSL-G256DG router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9CVSS7.9AI score0.01762EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of Google Chrome browser-based PDF processing components allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Google Chrome browser-based PDF processors relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through a specially crafted HTML page...

10CVSS7.6AI score0.00918EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of the ROS2 operating system, related to errors in resource release, allows a intruder to trigger a service failure.

The vulnerability of the ROS2 operating system is related to errors during resource release. Exploiting this vulnerability can allow a remote attacker to cause service failures...

6.8CVSS6.6AI score
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of Google Chrome’s Picture In Picture technology, which allows hackers to carry out phishing attacks

The vulnerability of Google Chrome’s Picture In Picture technology is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to conduct phishing attacks using a specially created HTML page...

5CVSS5.8AI score0.00906EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.10 views

The vulnerability of the Jenkins server plugin “Dimensions” involves access control deficiencies, allowing attackers to gain access to confidential information.

The vulnerability of the Jenkins server plugin “Dimensions” is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

4.2CVSS6.1AI score0.00625EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/18 12:0 a.m.10 views

The vulnerability of the OLE Automation technology in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OLE Automation technology in Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

6.8CVSS7.3AI score0.0118EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/07/11 12:0 a.m.10 views

The vulnerability of the WanDynamicIpV6CfgRpm component (/userRpm/WanDynamicIpV6CfgRpm.htm) in the TP-Link TL-WR940N router software allows a attacker to cause a service failure.

The vulnerability of the WanDynamicIpV6CfgRpm component /userRpm/WanDynamicIpV6CfgRpm.htm of the TP-Link TL-WR940N router software is related to the issue where an operation outside the buffer is performed when processing the ipStart parameter. Exploiting this vulnerability allows a remote attack...

9.9CVSS8AI score0.31733EPSS
Exploits4References5
BDU FSTEC
BDU FSTEC
added 2023/07/10 12:0 a.m.10 views

The vulnerability of the VirtualServerRpm component (/userRpm/VirtualServerRpm.htm) of TP-Link routers such as TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR740N allows a hacker to cause service interruptions.

The vulnerability of the VirtualServerRpm component /userRpm/VirtualServerRpm.htm of TP-Link routers such as TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR740N lies in the fact that the operation outside the buffer in memory occurs when processing the Changed key parameter. Exploiting this...

8.6CVSS7.4AI score0.00714EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/06/30 12:0 a.m.10 views

The vulnerability of the fl_set_geneve_opt() function in the net/sched/cls_flower.c module, part of the network scheduling subsystem in the Linux operating system’s kernel, allows a malicious actor to cause service failures or increase their privileges.

The vulnerability of the flsetgeneveopt function in the net/sched/clsflower.c module, within the net/sched scheduling subsystem of the Linux operating system’s kernel, is related to incorrect calculations of buffer boundaries during writing operations. Exploiting this vulnerability may allow a...

7.8CVSS6.8AI score0.00532EPSS
Exploits1References39Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/06/30 12:0 a.m.10 views

The vulnerability in the FortiADC Manager web management tool, a controller for FortiADC applications, allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the FortiADC Manager web management tool, a controller for FortiADC application delivery, is related to the failure to remove special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands with ro...

7.8CVSS7.6AI score0.00496EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.10 views

The vulnerability of the GLPI system’s request and incident handling process, related to improper input cancellation during the generation of web pages, allows attackers to carry out attacks using cross-site scripts.

The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data in the administration panel. Users can inject and execute arbitrary HTML and scripts in the user’s browser within the context of the vulnerable website. Exploiting this...

4.8CVSS6.7AI score0.00538EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/06/25 12:0 a.m.10 views

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation allows a perpetrator to execute arbitrary code.

The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SPP file...

7.8CVSS7.8AI score0.00226EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.10 views

The vulnerability of Hirschmann Network Management Industrial HiVision software, related to privilege management errors, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of Hirschmann Network Management Industrial HiVision software is related to privilege management errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

7.8CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/16 12:0 a.m.10 views

The vulnerability of the Go programming language lies in its insecure external control over critical data states. This allows attackers to escalate their privileges and gain access to read, modify, or delete data.

The vulnerability of the Go programming language is related to the insecure external control over critical state data during the processing of setuid and setgid attributes. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain access to read, modify, or delet...

5.8CVSS6.9AI score0.00432EPSS
Exploits0References8Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/06/16 12:0 a.m.10 views

The vulnerability of the B.A.T.M.A.N. network interface in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the B.A.T.M.A.N. network interface in the Linux operating system is related to incorrect synchronization between the processes of removing network devices and executing delayed tasks in the batadvdatstarttimer function within the distributedarptable.c module. Exploiting this...

8.1CVSS5.5AI score
Exploits0References9Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.10 views

Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to cause service interruptions.

Vulnerability of the Server component: The DDL system for managing databases in Oracle MySQL Server has vulnerabilities related to access control. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...

6.8CVSS6.3AI score0.02EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.10 views

The vulnerability of the hedwig.cgi and pigwidgeon.cgi components of the D-Link DIR-868L router’s software allows a attacker to perform a CSRF attack.

The vulnerability of the hedwig.cgi and pigwidgeon.cgi components of the D-Link DIR-868L router software is related to the manipulation of inter-domain requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

10CVSS7.7AI score0.00883EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.10 views

The vulnerability of the sub_48AC20 function in D-Link DIR-882 A1 wireless router’s microprogramming software allows for the execution of arbitrary code.

The vulnerability of the sub48AC20 function in D-Link DIR-882 A1 wireless router’s microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.5AI score0.01352EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.10 views

The vulnerability of the erase-write function in Cisco NX-OS and Cisco FXOS operating systems of Cisco devices allows attackers to increase their privileges.

The vulnerability of the erase-write function in Cisco NX-OS and Cisco FXOS operating systems in Cisco devices is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.4CVSS6.6AI score0.00466EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.10 views

The vulnerability of the application software interface of D-Link DIR-2150 router software allows a hacker to circumvent existing security restrictions.

The vulnerability of the application software interface for D-Link DIR-2150 routers is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

8.8CVSS7.5AI score0.01108EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/07 12:0 a.m.10 views

The vulnerability of the ASP.NET Viewstate component of the production process management software ABB eSOMS allows a hacker to disclose protected information.

The vulnerability of the ASP.NET Viewstate component of the ABB eSOMS production process management software is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

3.5CVSS5.5AI score0.00825EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/05 12:0 a.m.10 views

The vulnerability of the event forwarding mechanism in IBM QRadar WinCollect Agent, related to access control deficiencies, allows attackers to escalate their privileges and execute arbitrary commands.

The vulnerability of the event forwarding mechanism in IBM QRadar WinCollect Agent is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary commands...

7.8CVSS7.5AI score0.00194EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/05 12:0 a.m.10 views

The vulnerability of the TeamPass password manager, related to the lack of protective measures for the website structure, allows attackers to execute cross-site scripting attacks.

The vulnerability of the TeamPass password manager is related to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

9.4CVSS6.3AI score0.00683EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/05 12:0 a.m.10 views

The vulnerability of the monitoring tool for VMware Aria Operations, related to deficiencies in access control, allows a perpetrator to execute arbitrary code and increase their privileges.

The vulnerability of the monitoring tool for VMware Aria Operations is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code and increase their privileges...

9CVSS8.3AI score0.00652EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/05/31 12:0 a.m.10 views

The vulnerability of the anonymous web browser Tor, related to improper cleaning or release of resources, allows a violator to trigger a service failure.

The vulnerability of the anonymous web browser Tor is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.5CVSS7.2AI score0.01059EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/05/29 12:0 a.m.10 views

The vulnerability of the PDF-XChange document viewing and editing program relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the PDF-XChange viewer and editor program relates to the issue of operations going beyond the buffer in memory when processing PDF files. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious link or a specially...

7.8CVSS7.8AI score0.00571EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/26 12:0 a.m.10 views

The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by having the user open a specially created CS...

7.8CVSS7.9AI score0.00227EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/25 12:0 a.m.10 views

The vulnerability of the microprogramming software of the Parks Fiberlink 210 exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands, allowing attackers to execute arbitrary commands on the server.

The vulnerability of the Parks Fiberlink 210 router’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the server using t...

10CVSS7.5AI score0.05245EPSS
Exploits2References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.10 views

The vulnerability of the ksmbd module in Linux operating systems allows a hacker to intercept an active session.

The vulnerability of the ksmbd module in Linux operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to intercept an ongoing session...

6.5CVSS6.1AI score0.00151EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/24 12:0 a.m.10 views

The vulnerability of the graphical driver of operating systems iPadOS and iOS allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the graphics driver of operating systems iPadOS and iOS stems from the issue of operations going beyond the buffer in memory during incorrect software rendering of H.264 video. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges...

7.8CVSS7.8AI score0.0026EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/05/19 12:0 a.m.10 views

The vulnerability of the application programming interface of the Cisco DNA Center allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the application programming interface of the Cisco DNA Center relates to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges using a specially created API...

5.5CVSS8.1AI score0.00624EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/17 12:0 a.m.10 views

The vulnerability of Fortinet’s FortiNAC and FortiNAC-F access control devices, which stems from the use of strictly encrypted login credentials, allows attackers to gain unauthorized access to protected information.

The vulnerability of the access control devices in Fortinet’s FortiNAC and FortiNAC-F systems lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by executing certain commands...

6.8CVSS7.2AI score0.00164EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/05/17 12:0 a.m.10 views

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the LocalIPAddress parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...

7.4CVSS7.1AI score0.01796EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/17 12:0 a.m.10 views

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the PrefixLen parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary cod...

7.4CVSS7.1AI score0.23393EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/15 12:0 a.m.10 views

The vulnerability of the Azure Service Connector allows attackers to circumvent existing security restrictions and enhance their privileges.

The vulnerability of the Azure Service Connector relates to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain increased privileges...

7.5CVSS7.3AI score0.00979EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/05/11 12:0 a.m.10 views

The vulnerability of microprogrammed software in Nexx Garage Door Controllers (NXG-100B, NXG-200), Nexx Smart Plugs (NXPG-100W), and Nexx Smart Alarms (NXAL-100) arises from the use of pre-set credentials. This allows a intruder to gain unauthorized access to the MQ Telemetry Server (MQTT) server.

The vulnerability of microprogrammed software in Nexx Garage Door Controllers NXG-100B, NXG-200, Nexx Smart Plugs NXPG-100W, and Nexx Smart Alarms NXAL-100 lies in the use of pre-set credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the MQ Telemetry...

10CVSS8.1AI score0.00826EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/05/11 12:0 a.m.10 views

The vulnerability of microprogrammed software in Nexx Garage Door Controllers (NXG-100B, NXG-200), Nexx Smart Plugs (NXPG-100W), and Nexx Smart Alarms (NXAL-100) lies in their susceptibility to being bypassed through the use of a user-controlled key. This allows intruders to alter the settings of the devices and gain access to information about them.

The vulnerability of the microprogrammed software of the Nexx Garage Door Controller NXG-100B, NXG-200, Nexx Smart Plug NXPG-100W, and Nexx Smart Alarm NXAL-100 lies in the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability could allow an intruder to...

7.5CVSS7.2AI score0.00485EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/05/11 12:0 a.m.10 views

The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.

The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to errors in accessing debugging functions during the loading process. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

6.7CVSS7.5AI score0.10561EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/05/10 12:0 a.m.10 views

The vulnerability of the Prompts component in the Google Chrome browser allows a hacker to bypass security restrictions.

The vulnerability of the Prompts component in the Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...

7.8CVSS6.7AI score0.00968EPSS
Exploits0References9Affected Software3
Total number of security vulnerabilities5000