YODOBASHI CAMERA CO.,LTD. Security Vulnerabilities

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1274)

The remote host is missing an update for the Huawei...

CVE-2023-6919 Path Traversal in VGuard IP Camera Network Recorder

Path Traversal: '/../filedir' vulnerability in Biges Safe Life Technologies Electronics Inc. VGuard allows Absolute Path Traversal.This issue affects VGuard: before...

CVE-2024-22372

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and...

CVE-2023-51820

An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary...

Huawei EulerOS: Security Advisory for openssl1.1.0f (EulerOS-SA-2019-2254)

The remote host is missing an update for the Huawei...

KB4580327: Windows 10 October 2020 Security Update

The remote Windows host is missing security update 4580327. It is, therefore, affected by multiple vulnerabilities : A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security ...

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who.....

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be...

Huawei EulerOS: Security Advisory for openssl110h (EulerOS-SA-2019-2218)

The remote host is missing an update for the Huawei...

Command injection

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the...

Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection (SSTI) via Insufficient Validation in filterFilter Summary: | Product | Grav CMS | |...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2019-2098)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2019-2430)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2216)

The remote host is missing an update for the Huawei...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3656-1)

This update for the Linux Kernel 4.4.180-94_135 fixes several issues. The following security issues were fixed : CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE...

Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2020-1061)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2464)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1221)

The remote host is missing an update for the Huawei...

KB4577015: Windows 10 Version 1607 and Windows Server 2016 September 2020 Security Update

The remote Windows host is missing security update 4577015. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run...

KB4577041: Windows 10 Version 1709 September 2020 Security Update

The remote Windows host is missing security update 4577041. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run...

Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug

Description The plugin is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if...

CVE-2023-43996

An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3648-1)

This update for the Linux Kernel 4.4.121-92_146 fixes several issues. The following security issues were fixed : CVE-2020-25668: Fixed a concurrency use-after-free in con_font_op (bsc#1178622). CVE-2020-25645: Fixed an issue which traffic between two Geneve endpoints may be unencrypted when IPsec.....

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2097)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1063)

The remote host is missing an update for the Huawei...

Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by an attacker to....

CVE-2023-0839

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before...

Debian: Security Advisory (DSA-2971-1)

The remote host is missing an update for the...

CVE-2023-0839

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before...

CVE-2022-43701

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious...

Ubuntu: Security Advisory (USN-4368-1)

The remote host is missing an update for...

Information disclosure

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin...

KB4574727: Windows 10 Version 1903 and Windows 10 Version 1909 September 2020 Security Update

The remote Windows host is missing security update 4574727. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run...

Command Injection Vulnerability in DIR-822+ V1.0.2 of AUO Electronic Equipment (Shanghai) Co.

DIR-822 is a wireless router from D-Link, a Chinese company. A command injection vulnerability exists in the AUO Electronic Devices (Shanghai) Co. DIR-822+ version V1.0.2, which stems from the SetStaticRouteSettings function failing to correctly filter constructor command special characters,...

KB4577032: Windows 10 Version 1803 September 2020 Security Update

The remote Windows host is missing security update 4577032. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run...

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3373-1)

This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...

SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2020:3372-1)

This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) CVE-2020-8696:...

SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3457-1)

This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201110 official release. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389 (bsc#1170446) CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 (bsc#1173594) ...

KB4570333: Windows 10 Version 1809 and Windows Server 2019 September 2020 Security Update

The remote Windows host is missing security update 4570333. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run...

Shanghai Zhongyun Digital Win Cloud Computing Technology Co., Ltd Shanghai Old Cadre APP has Logic Flaw Vulnerability

Shanghai Old Cadre app is a senior activity software specially created for some party members and old cadres in Shanghai. Shanghai Zhongyun Digital Win Cloud Computing Technology Co. Shanghai Old Cadre App has a logic flaw vulnerability that can be exploited by attackers to cause SMS...

KB4571756: Windows 10 Version 2004 September 2020 Security Update

The remote Windows host is missing security update 4571756. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run...

Ubuntu: Security Advisory (USN-4369-2)

The remote host is missing an update for...

CVE-2024-22113

Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted...

SQL Injection Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03265)

Beijing Yisaitong Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A SQL injection vulnerability exists in the Yisetong electronic document security management system, which can be exploited by attackers to...

Design/Logic Flaw

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web...

SUSE SLES12 Security Update : ucode-intel (SUSE-SU-2020:3514-1)

This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20201118 official release. (bsc#1178971) Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. CVE-2020-8695: Fixed Intel RAPL sidechannel attack (SGX) INTEL-SA-00389...

Ubuntu: Security Advisory (USN-2373-1)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for nettle (EulerOS-SA-2016-1061)

The remote host is missing an update for the Huawei...

U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture

The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities. More than a dozen entities are said to have been targeted, including...

Debian: Security Advisory (DLA-1932-1)

The remote host is missing an update for the...