Stack overflow

Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the firewallEn parameter in the function SetFirewallCfg...

Stack overflow

Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the time parameter in the function compareparentcontroltime...

Directory traversal

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...

Design/Logic Flaw

Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function...

Arbitrary file deletion

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability...

Hardcoded credentials

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account...

Command injection

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter...

Buffer overflow

Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification...

Authorization

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component...

Information disclosure

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...

Design/Logic Flaw

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders...

Authentication flaw

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication...

Design/Logic Flaw

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function...

Information disclosure

The FACSChorus workstation does not prevent physical access to its PCI express PCIe slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM...

Hardcoded credentials

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts...

Design/Logic Flaw

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

Design/Logic Flaw

The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes...

Code injection

HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server...

Design/Logic Flaw

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data...

Design/Logic Flaw

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

Code injection

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key inf...

Cross site scripting

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A user controlled URL parameter is loaded int...

Authentication flaw

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers t...

Design/Logic Flaw

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service. This issue affects Apache Superset: before 3.0.0...

Sql injection

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. This vulnerability can be exploited with a low privileged account...

Race condition

A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buff...

Authentication flaw

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...

Spoofing

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0...

Information disclosure

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username. This issue affects Apache Superset before 3.0.0...

Path traversal

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

Design/Logic Flaw

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

Design/Logic Flaw

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpfxdpadjusthead call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

Input validation

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could...

Code injection

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...

Design/Logic Flaw

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data...

Design/Logic Flaw

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object...

Cross site scripting

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

Design/Logic Flaw

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

Command injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Univera Computer System Panorama allows Command Injection.This issue affects Panorama: before 8.0...

Cross site scripting

A Cross-Site Scripting XSS vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the...

Input validation

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262...

Privilege escalation

Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...

Privilege escalation

Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...

Design/Logic Flaw

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC or Spring WebFlux...

Input validation

The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate...

Design/Logic Flaw

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

Design/Logic Flaw

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...

Command injection

Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

Code injection

Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

Command injection

Command injection in main/lp/openofficetextdocument.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...