WADE DIGITAL DESIGN CO, LTD. Security Vulnerabilities

zeroscience

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass Advisory ID: ZSL-2024-5820 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary ESE (Elber Satellite Equipment) product line, designed for the...

7.7AI Score

2024-04-17 12:00 AM
37
cve

CVE-2024-28446

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at...

8.3AI Score

0.0004EPSS

2024-03-19 06:15 AM
32
cvelist

CVE-2023-6363 Mali GPU Kernel Driver allows improper GPU processing operations

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them...

6.7AI Score

0.0004EPSS

2024-05-03 01:25 PM
3
packetstorm

7.4AI Score

2024-04-04 12:00 AM
51
zeroscience

Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

Title: Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit Advisory ID: ZSL-2024-5813 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 04.04.2024 Summary The TRA7000 series is a set of products dedicated to broadcast,...

7.8AI Score

2024-04-04 12:00 AM
77
cve

CVE-2024-28447

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at...

8.3AI Score

0.0004EPSS

2024-03-19 06:15 AM
28
packetstorm

7.4AI Score

2024-04-08 12:00 AM
67
exploitdb

7.4AI Score

2024-04-08 12:00 AM
74
cvelist

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

6.7AI Score

2024-05-13 07:07 PM
4
nessus

Adobe Creative Cloud Installed

Adobe Creative Cloud, a digital art management application, is installed on the remote Windows...

1.3AI Score

2016-05-31 12:00 AM
13
nessus

LG LED Assistant Detection

LG LED Assistant, a digital signage management application, is running on the remote...

7AI Score

2023-10-17 12:00 AM
15
zeroscience

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Advisory ID: ZSL-2024-5814 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment...

7.7AI Score

2024-04-17 12:00 AM
34
openbugbounty

5percent-design-action.com Cross Site Scripting vulnerability OBB-3846987

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-01 02:11 PM
3
nessus

Adobe Creative Cloud for Mac Installed

Adobe Creative Cloud, a digital art management application, is installed on the remote Mac OS X...

0.8AI Score

2016-05-31 12:00 AM
11
qualysblog

Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security

Small and medium-sized businesses have increasingly become reliant on web applications - whether they are developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...

7.4AI Score

2024-04-22 04:11 PM
18
cnvd

SQL Injection Vulnerability in the Intelligent Water Integration Platform of Shandong Weimicro Technology Co. Ltd (CNVD-2024-14945)

Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. Shandong Weimicro Technology Co., Ltd. intelligent...

7.5AI Score

2024-02-24 12:00 AM
5
cve

CVE-2024-35895

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...

6.7AI Score

0.0004EPSS

2024-05-19 09:15 AM
24
openbugbounty

design-compe.jp Cross Site Scripting vulnerability OBB-3910068

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-09 03:44 AM
3
debiancve

CVE-2024-35895

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...

6.9AI Score

0.0004EPSS

2024-05-19 09:15 AM
2
metasploit

Code Reviewer

Reviews...

7.4AI Score

2024-03-22 08:14 PM
16
cve

CVE-2024-31921

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue. This issue affects Ultimate Product Catalogue: from n/a through...

4.3CVSS

7.5AI Score

0.0004EPSS

2024-04-15 10:15 AM
27
ibm

Security Bulletin: A vulnerability exists in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...

6.2AI Score

2024-05-13 03:07 PM
5
ubuntucve

CVE-2024-35895

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...

6.5AI Score

0.0004EPSS

2024-05-19 12:00 AM
1
osv

CVE-2022-41953

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

7.5AI Score

0.001EPSS

2023-01-17 10:15 PM
6
cvelist

CVE-2024-22774

An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe...

6.8AI Score

2024-05-19 04:28 AM
8
cnvd

Command Execution Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-14992)

Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A command execution vulnerability exists in the electronic document security management system of Beijing Yisetong Technology Development Co.,...

7.6AI Score

2024-02-21 12:00 AM
15
f5

K000139553: VPN TunnelVision vulnerability CVE-2024-3661

Security Advisory Description By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or...

7.5AI Score

0.0005EPSS

2024-05-08 12:00 AM
20
osv

CVE-2023-31145

Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...

6AI Score

0.001EPSS

2023-05-15 09:15 PM
6
cve

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and...

8.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
1456
cve

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67...

7.4AI Score

0.0004EPSS

2024-02-28 11:15 PM
1432
cve

CVE-2024-26258

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...

8.7AI Score

0.0004EPSS

2024-04-04 12:15 AM
5
pentestpartners

Impacts on ICS from the updated Cyber Assessment Framework (CAF)

NCSC has released an update of the Cyber Assessment Framework (CAF). The CAF represents where the rubber hits the road for the UK’s NIS regulations. TL;DR The NCSC CAF has been updated to version 3.2. There has been a material change to three aspects of the CAF. The changes are broadly sensible...

7.5AI Score

2024-05-17 05:00 AM
2
zeroscience

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Advisory ID: ZSL-2024-5821 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary ESE (Elber Satellite Equipment) product line, designed for the high-end...

7.4AI Score

2024-04-17 12:00 AM
66
cvelist

CVE-2024-5514 MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without...

7.4AI Score

0.001EPSS

2024-05-30 02:14 AM
7
osv

CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

7AI Score

0.0004EPSS

2023-12-05 12:15 AM
4
wired

Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers

A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really...

7.3AI Score

2024-05-14 04:16 PM
7
veracode

Inconsistency Between Implementation And Documented Design

nodejs is vulnerable to Inconsistency Between Implementation and Documented Design. The vulnerability is due to the generateKeys API function returned from crypto.createDiffieHellman only generating missing (or outdated) keys. This discrepancy between the documented and actual behavior of the API allows....

6.6AI Score

0.001EPSS

2023-11-29 05:49 AM
6
cve

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...

6.2AI Score

0.0004EPSS

2024-02-28 11:15 PM
1450
cve

CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS. This issue affects Co-marquage service-public.Fr: from n/a through...

7.1CVSS

7.4AI Score

0.0004EPSS

2024-03-27 02:15 PM
26
cve

CVE-2024-32962

xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...

10CVSS

7AI Score

0.0004EPSS

2024-05-02 07:15 AM
38
fedora

[SECURITY] Fedora 38 Update: python-django3-3.2.25-2.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself)...

7.6AI Score

0.001EPSS

2024-04-20 02:14 AM
8
cve

CVE-2024-25568

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the...

8.8AI Score

0.0004EPSS

2024-04-04 12:15 AM
10
osv

CVE-2024-24828

pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/* which is a shared directory for all users on the same local system. There is no uniqueness to the package names within.....

7.6AI Score

0.0004EPSS

2024-02-09 11:15 PM
3
malwarebytes

Financial institutions ordered to notify customers after a breach, have an incident response plan

The Securities and Exchange Commission (SEC) has announced rules around breaches for certain financial institutions—registered broker-dealers, investment companies, investment advisers, and transfer agents— that require them to have written incident response policies and procedures that can be...

7AI Score

2024-05-20 11:21 AM
4
cvelist

CVE-2024-27062 nouveau: lock the client object tree.

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

6.5AI Score

0.0004EPSS

2024-05-01 01:00 PM
2
zeroscience

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config

Title: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Device Config Advisory ID: ZSL-2024-5815 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS Risk: (5/5) Release Date: 17.04.2024 Summary The SIGNUM controller from Elber satellite equipment demodulates...

7.3AI Score

2024-04-17 12:00 AM
59
Total number of security vulnerabilities: 153905