#pdf

OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.

Certain Lexmark devices through 2023-02-19 have an Integer Overflow.

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360.