In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn’t verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
View Full Alert
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. View Full Alert
KeyIdentity LinOTP before 18.104.22.168 has Incorrect Access Control (issue 1 of 2). View Full Alert