‼ CVE-2023-46381 ‼
📖 Read
via "National Vulnerability Database".
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46380 ‼
📖 Read
via "National Vulnerability Database".
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40922 ‼
📖 Read
via "National Vulnerability Database".
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46382 ‼
📖 Read
via "National Vulnerability Database".
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46963 ‼
📖 Read
via "National Vulnerability Database".
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2018-25092 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20187 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32840 ‼
📖 Read
via "National Vulnerability Database".
In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32834 ‼
📖 Read
via "National Vulnerability Database".
In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4625 ‼
📖 Read
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32825 ‼
📖 Read
via "National Vulnerability Database".
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32818 ‼
📖 Read
via "National Vulnerability Database".
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32832 ‼
📖 Read
via "National Vulnerability Database".
In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-20702 ‼
📖 Read
via "National Vulnerability Database".
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32838 ‼
📖 Read
via "National Vulnerability Database".
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46802 ‼
📖 Read
via "National Vulnerability Database".
e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32837 ‼
📖 Read
via "National Vulnerability Database".
In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32836 ‼
📖 Read
via "National Vulnerability Database".
In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32835 ‼
📖 Read
via "National Vulnerability Database".
In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-25093 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-32839 ‼
📖 Read
via "National Vulnerability Database".
In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.📖 Read
via "National Vulnerability Database".