All Posts by: Prophy Insights

Description Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running

Description Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running

Description A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of

Description Windows Network File System Remote Code Execution Vulnerability. References https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941 For More Information MITRE

Description Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. References https://huntr.dev/bounties/397ea68d-1e28-44ff-b830-c8883d067d96 https://github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7 For More Information MITRE

Description OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. References https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461 https://github.com/sbs20/scanservjs/commit/d51fd52c1569813990b8f74e64ae6979c665dca1 For More Information MITRE

Description Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted

Description OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. References https://huntr.dev/bounties/fbdeec3c-d197-4a68-a547-7f93fb9594b4 https://github.com/appium/appium-desktop/commit/12a988aa08b9822e97056a09486c9bebb3aad8fe For More Information MITRE

Description The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute

Description IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local

Description Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated

Description typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the

Description A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in

Description Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through

Description Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior

Description VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria

Description The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04

Description A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in

Description vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. There exists a vulnerability in

Description Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router:

Description memory corruption in modem due to improper check while calculating size of serialized CoAP message. References https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin For More

Description An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the

Description Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent – version 720, allows

Description IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote