It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,.....
6.5CVSS
7AI Score
0.0004EPSS
CVE-2021-47441 mlxsw: thermal: Fix out-of-bounds memory accesses
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type mlxsw_fan # cat...
7AI Score
0.0004EPSS
7.4AI Score
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67...
7.4AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and...
8.1AI Score
0.0004EPSS
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names,...
7.2AI Score
0.0004EPSS
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
6.2AI Score
0.0004EPSS
Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the...
7.1AI Score
0.0004EPSS
Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.16(3090516) was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change...
7.1AI Score
0.0004EPSS
7.4AI Score
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the...
8.8AI Score
0.0004EPSS
WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted...
7AI Score
0.0004EPSS
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...
7.4AI Score
0.0004EPSS
7.4AI Score
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...
8.7AI Score
0.0004EPSS
Ltd. is a private scientific and technological enterprise with technology development as the main body, specializing in the research, development, production and sales of remote water, electricity, gas, heat four meters and meter reading system. The water information management platform of...
7.5AI Score
Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware
CVE-2023-43261 - PoC Critical Vulnerability Exposes...
7.9AI Score
0.005EPSS
Stark Industries Solutions: An Iron Hammer in the Cloud
The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....
6.8AI Score
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. There is an information leakage vulnerability in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by attackers to obtain sensitive...
6.6AI Score
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids...
8AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges...
6.7AI Score
0.0004EPSS
In modem driver, there is a possible system crash due to improper input validation. This could lead to local information disclosure with System execution privileges...
6.7AI Score
0.0004EPSS
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...
7.1AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges...
7.2AI Score
0.0004EPSS
In ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges...
7.5AI Score
0.0004EPSS
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...
7.1AI Score
0.0004EPSS
In Plaintext COUNTER CHECK message accepted before AS security activation, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges...
7.2AI Score
0.0004EPSS
In modem-ps-nas-ngmm, there is a possible undefined behavior due to incorrect error handling. This could lead to remote information disclosure no additional execution privileges...
7.1AI Score
0.0004EPSS
Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running...
7.8AI Score
0.0004EPSS
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...
7.8AI Score
In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.2AI Score
0.0004EPSS
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges...
7.2AI Score
0.0004EPSS
In faceid service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...
7.1AI Score
0.0004EPSS
In Network Adapter Service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
7.1AI Score
0.0004EPSS
Beijing Yisetong Technology Development Co., Ltd. is a domestic data security, network security and security services provider of three major business. A SQL injection vulnerability exists in the Data Leakage Protection (DLP) system of Beijing Yisetong, which can be exploited by attackers to...
7.8AI Score
KyLinFortress is an all-in-one Fortress, SSL VPN, Dynamic Password and CA Certificate. COSCO KyLin Technology Company Limited KyLin Barrier Machine suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the...
7.4AI Score
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An unauthorized access vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co. Ltd.'s Intelligent Park, which can be exploited by an attacker to add users...
7AI Score
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing.....
7.1AI Score
0.0004EPSS
Beijing Yisaitong Technology Development Co., Ltd. is a company whose business scope includes technical services, technology development, technology consulting, technology exchange, technology transfer, technology promotion and so on. There is a SQL injection vulnerability in the electronic...
7.5AI Score
COSCO KyLin Technology Co., Ltd. is a R&D-oriented software development company, the company's main products are COSCO KyLin Barrier Machine, KyLin SSL VPN, KyLin Dynamic Password System, KyLin Cloud Desktop and so on. Our main products are COSCO Kirin SSL VPN, Kirin Dynamic Password System, Kirin....
7.5AI Score
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at...
7.9AI Score
0.0004EPSS
Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at...
7.9AI Score
0.0004EPSS