iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Date published : 2020-09-24 https://docs.pexip.com/admin/security_bulletins.htm
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. Date published : 2020-09-23 https://docs.pexip.com/admin/security_bulletins.htm
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the...
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the...
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. Date published : 2020-09-23 https://www.tenable.com/security/research/tra-2020-55
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for...
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other...
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. Date published : 2020-09-23 https://www.ibm.com/support/pages/node/6336361 https://exchange.xforce.ibmcloud.com/vulnerabilities/178180
IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. Date published : 2020-09-23 https://www.ibm.com/support/pages/node/6336361 https://exchange.xforce.ibmcloud.com/vulnerabilities/177515
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. Date published : 2020-09-23 https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html https://gitlab.com/-/snippets/2017709
An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does...
An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used...
An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to...