I-O DATA DEVICE, INC. Security Vulnerabilities

CVE-2023-52864

In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that...

CVE-2024-5096

A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been.....

An issue can be linked to by ID even if link and browse permissions are absent

h3. Problem Definition: If you remove the Link Issues Permission and Browse Projects Permission a user can still create a link if they use the issue key. h3. Steps to Reproduce Create a Project Role and remove the "Browse Projects" and "Link Issues" permissions from that role in a target-project......

Media resumption control could show up in another user and leak the owner's media data

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...

[DeviceChooserActivity Could be Overlaid to Trick User Into Associating a Rogue Companion Device]

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User...

Collapse-O-Matic < 1.8.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it...

Sensitive Data Exposure

github.com/kopia/kopiais vulnerable to Sensitive Data Exposure. This vulnerability is due to the "repository status" CLI command with JSON output containing sensitive storage connection credentials which are inadvertently exposed to the...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...

Grafana Forward OAuth Identity Token can allow users to access some data sources

When a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have....

ADFO – Custom data in admin dashboard < 1.9.1 - Cross-Site Request Forgery

Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.0. This is due to missing or incorrect nonce validation on several functions hooked via the controller() function. This makes it possible....

CVE-2024-2618

The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the size attribute in all versions up to, and including, 1.6.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

o-line.co.za Cross Site Scripting vulnerability OBB-3864124

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Delta Electronics InfraSuite Device Master Gateway Detection

Delta Electronics InfraSuite Device Master Gateway, a component of a data center device monitoring software, is running on the remote...

A10 Networks Advanced Core OS Device Detection

Nessus was able to detect the version of the Advanced Core Operating System running on the remote host by examining the SNMP system description value. Advanced Core OS is used in A10 Networks application delivery controllers and load balancing...

Netbiter Config NetbiterConfig.exe Device Hostname Remote Overflow

The Netbiter Config utility is installed on the remote Windows host. It is a configuration utility used to query and set TCP/IP network settings in NetBiter WebSCADA devices. According to its version, the installed version of this utility does not properly handle specially crafted UDP packets with....

ADFO – Custom data in admin dashboard < 1.9.1 - Reflected Cross-Site Scripting

Description The ADFO – Custom data in admin dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dbp_id' parameter in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

Yealink Device Management Platform Web Interface Detection

The web interface for Yealink Device Management Platform, a communications device management platform, was detected on the remote...

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400 Exploit Tool 🛠️ This Python script is designed...

Data Leak Exposes Business Leaders and Top Celebrity Data

By Waqas A data leak incident involving Clarity.fm left the personal data of business leaders and celebrities exposed to public… This is a post from HackRead.com Read the original post: Data Leak Exposes Business Leaders and Top Celebrity...

Exploit for Injection in Atlassian Confluence Data Center

CVE-2023-22527 Confluence RCE CVE-2023-22527 - RCE (Remote...

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863 ```bash # checkout webp git clone...

Exploit for PHP External Variable Modification in Juniper Junos

CVE-2023-36845...

AirWatch Data Collection

This plugin collects all data from...

Cisco Adaptive Security Device Manager (ASDM) Detection

The web user interface for Cisco Adaptive Security Device Manager (ASDM) was detected on remote host. Adaptive Security Device Manager is a GUI-based firewall appliance management...

Cisco Firepower Device Manager Web Interface Detection

The remote host is running the Firepower Device Manager, which allows for the configuration of FTD...

Apple Profile Manager Jailbroken iOS Device Detection

Enumerates all of the jailbroken iOS devices managed by Profile...

rpc.py vulnerable to Deserialization of Untrusted Data

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer,...

rpc.py vulnerable to Deserialization of Untrusted Data

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Per the maintainer,...

Patch Data Finalization

The remote host is missing one or more security patches. This plugin ensures that supersedence has been calculated for all missing patches and stores the supersedence data in the scan report so that recommendations can be made for the latest and least number of patches to install to make sure the.....

MaaS360 Data Collection

This plugin collects all mobile device hardware and software information from...

MobileIron Data Collection

This plugin collects all data from...

ActiveSync Data Collect

This plugin requests the ActiveSync device information for iPhones and Android phones that have version information supplied on the server. If the device is found, it will store the data for future requests and report that the device is managed on ActiveSync. Note that any devices reported here...

Exploit for Expression Language Injection in Atlassian Confluence Data Center

批量验证...

CVE-2024-2088

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

CVE-2023-30860

WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert...

Corona Virus (COVID-19) Banner & Live Data <= 1.8.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Simple Website Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda, opentofu, sigstore-scaffolding, flux-helm-controller, gitlab-shell, nginx-stable, haproxy-ingress,...

Ansible Leaks Data Passed to ssh-keygen

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to....

Dahua IPC/VTH/VTO - Authentication Bypass

Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data...

Golang TIFF decoder does not place a limit on the size of compressed tile data

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda, opentofu, sigstore-scaffolding, flux-helm-controller, gitlab-shell, nginx-stable, haproxy-ingress,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: keda-fips, datadog-agent, tekton-pipelines, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, docker, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, dynamic-localpv-provisioner, cilium, goreleaser, spark-operator, k8sgpt,...

Golang TIFF decoder does not place a limit on the size of compressed tile data

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and...

kurwov vulnerable to Denial of Service due to improper data sanitization

Summary An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...