CVE-2023-0750 : YELLOBRIK PEC-1864 CLIENT-SIDE ENFORCEMENT OF SERVER-SIDE SECURITY

Description

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : – Change the password, resulting in a DOS of the users – Change the streaming source, compromising the integrity of the stream – Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.

References

https://support.lynx-technik.com/support/solutions/articles/1000317081-pec-1864-web-ui-for-configuration

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-21683 : ATLASSIAN CONFLUENCE DATA CENTER UP TO 8.9.0 PRIVILEGE ESCALATION

CVE-2024-21683 : ATLASSIAN CONFLUENCE DATA CENTER UP TO 8.9.0 PRIVILEGE ESCALATION

Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.

CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL

CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL

Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in