Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

HyperSQL DataBase flaw leaves library vulnerable to RCE

Mishandling of untrusted input issue resolved by developers

PortSwigger
Open in Source
#sql#vulnerability#apache#java#intel#rce#log4j#maven
CVE-2022-36368: IPFire 2.27 - Core Update 170 released - The IPFire Blog

Multiple stored cross-site scripting vulnerabilities in the web user interface of IPFire versions prior to 2.27 allows a remote authenticated attacker with administrative privilege to inject an arbitrary script.

CVE-2021-4228: spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows – Nozomi Networks

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle (MitM) attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0.

CVE-2021-46279: Session Fixation and Insufficient Session Expiration - CVE-2021-46279 – Nozomi Networks

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-44776: spx_restservice SubNet_handler_func Broken Access Control - CVE-2021-44776 – Nozomi Networks

A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-44467: spx_restservice KillDupUsr_func Broken Access Control - CVE-2021-44467 – Nozomi Networks

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26728: spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow CVE-2021-26728 – Nozomi Networks

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26729: spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow CVE-2021-26729 – Nozomi Networks

Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

CVE-2021-26730: spx_restservice Login_handler_func Subfunction Stack-Based Buffer OverflowCVE-2021-26730 – Nozomi Networks

A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Nok Nok, a Global Leader in Customer Passwordless Authentication, Releases Full Support for Passkeys

Nok Nok, an inventor of FIDO authentication standards, announces full support for passkeys in its S3 Authentication Suite that allows organizations to replace passwords.