Month: March 2023

lambdaisland/uri security bypass | CVE-2023-28628

NAME: lambdaisland/uri security bypass
Platforms Affected: lambdaisland/uri lambdaisland/uri 1.13.95
Risk Level: 5.4
Exploitability: Unproven
Consequences: Bypass Security

DESCRIPTION: lambdaisland/uri could allow a remote attacker to bypass security restrictions, caused by a flaw in which the authority-regex function returns the wrong authority. By…

IEEE 802.11 spoofing | CVE-2022-47522

NAME: IEEE 802.11 spoofing
Platforms Affected: IEEE 802.11
Risk Level: 7.5
Exploitability: Unproven
Consequences: Gain Access

DESCRIPTION: IEEE 802.11 could allow a remote attacker to conduct spoofing attacks, caused by an improperly implemented authentication schemes flaw in the Packet Routing…

RouterOS denial of service | CVE-2023-24094

NAME: RouterOS denial of service
Platforms Affected:
Risk Level: 5.3
Exploitability: Proof of Concept
Consequences: Denial of Service

DESCRIPTION: RouterOS is vulnerable to a denial of service, caused by memory corruption in the bridge2 component. By sending specially-crafted packets,…

Hitachi SDM600 security bypass | CVE-2022-3686

NAME: Hitachi SDM600 security bypass
Platforms Affected: Hitachi Energy SDM600
Risk Level: 4.8
Exploitability: Unproven
Consequences: Bypass Security

DESCRIPTION: Hitachi SDM600 could allow a remote attacker to bypass security restrictions, caused by a flaw in the API permission check mechanism. By…

JetBrains TeamCity cross-site scripting | CVE-2022-48426

NAME: JetBrains TeamCity cross-site scripting
Platforms Affected:
Risk Level: 4.6
Exploitability: Unproven
Consequences: Cross-Site Scripting

DESCRIPTION: JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Perforce connection settings. A remote authenticated attacker…