This affects an unknown part of the file /api/authentication/login of the component WebTools. Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.

A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the Prefect API. VDB-245062 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation leads to information disclosure. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality.