| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. |
| Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. |
| A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory. |
| Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. |
| In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. |
| NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. |
| In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools |
| In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. |
| Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.
Affected products:
ABB ASPECT - Enterprise v3.08.02;
NEXUS Series v3.08.02;
MATRIX Series v3.08.02 |
| Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.
Affected products:
ABB ASPECT - Enterprise v3.07.02;
NEXUS Series v3.07.02;
MATRIX Series v3.07.02 |
| Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to execute arbitrary code remotely |
| The Candid library causes a Denial of Service while
parsing a specially crafted payload with 'empty' data type. For example,
if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop.
Canisters using affected versions of candid
are exposed to denial of service by causing the decoding to run
indefinitely until the canister traps due to reaching maximum
instruction limit per execution round. Repeated exposure to the payload
will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected.
|
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. |
| Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network.
Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution. |
| jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.
|
| A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance.
This issue affects Avast Antivirus prior to 24.2. |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. |
| An improper access control was identified in the Identity Security Cloud (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata (opaque messageIDs, work queue depth and counts) for other tenants. |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) |
