
805 matches found

CNNVD
added 2022/04/11 12:0 a.m. · 4 views

Zyxel VMG3312-T20A Security Vulnerability

The Zyxel VMG3312-T20A is a state-of-the-art VDSL2 gateway from China's Heqin Technology Zyxel. A security vulnerability exists in the Zyxel VMG3312-T20A version 5.30ABFX.5C0, which stems from a potential buffer overflow vulnerability found in some internal functions. An authenticated, local...

6 CVSS · 6.3 AI score · 0.002 EPSS
Exploits 0 · References 2

CNNVD
added 2022/03/02 12:0 a.m. · 2 views

Cisco StarOS Command Injection Vulnerability

Cisco StarOS is a virtualized operating system from Cisco. A command injection vulnerability exists in Cisco StarOS that can be exploited by an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An...

7.2 CVSS · 7 AI score · 0.00297 EPSS
Exploits 0 · References 6

Positive Technologies
added 2022/03/02 12:0 a.m. · 2 views

PT-2022-1962 · Cisco · Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure

Name of the Vulnerable Software and Affected Versions: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) (affected versions not specified)
Description: The issue is related to insufficient access control in the Common Execution Environment (CEE) ConfD CLI, which could allow an...

7.8 CVSS · 7.4 AI score · 0.00253 EPSS
Exploits 0 · References 8

ATTACKERKB
added 2022/02/18 8:15 p.m. · 4 views

CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.8 CVSS · 6.2 AI score · 0.00645 EPSS
Exploits 0 · References 10 · Affected Software 1

ATTACKERKB
added 2022/02/18 8:15 p.m. · 2 views

CVE-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8 CVSS · 6.2 AI score · 0.00598 EPSS
Exploits 0 · References 10 · Affected Software 1

OSV
added 2022/02/18 8:15 p.m. · 1 view

ALPINE-CVE-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8 CVSS · 7.7 AI score · 0.00598 EPSS
Exploits 0 · References 1

CNNVD
added 2022/02/16 12:0 a.m. · 1 view

Linux kernel Code Issue Vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a NULL pointer dereference flaw in the udf_file_write_iter function in the udf file system. By using a constructed UDF image, an authenticated local attacker could exploit...

5.5 CVSS · 7.8 AI score · 0.00502 EPSS
Exploits 1 · References 26

OSV
added 2022/02/15 4:15 a.m. · 2 views

CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center...

7.8 CVSS · 5.8 AI score · 0.00325 EPSS
Exploits 0 · References 1

OSV
added 2022/02/09 11:15 p.m. · 1 view

CVE-2021-33137

Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS · 5.8 AI score · 0.00237 EPSS
Exploits 0 · References 1

OSV
added 2022/02/09 11:15 p.m. · 1 view

CVE-2021-33096

Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access...

5.5 CVSS · 5.8 AI score · 0.00272 EPSS
Exploits 0 · References 2

OSV
added 2022/02/09 11:15 p.m. · 1 view

CVE-2021-0170

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access...

5.5 CVSS · 5.8 AI score · 0.00285 EPSS
Exploits 0 · References 1

OSV
added 2022/02/09 11:15 p.m. · 2 views

UBUNTU-CVE-2021-33096

Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access...

5.5 CVSS · 6 AI score · 0.00272 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/01/19 12:0 a.m. · 2 views

PT-2022-2309 · Confd +1 · Confd +1

Name of the Vulnerable Software and Affected Versions: ConfD (affected versions not specified)
Description: A vulnerability in the implementation of the CLI on a device running ConfD could allow an authenticated, local attacker to perform a command injection attack. The issue is due to insufficient...

8.8 CVSS · 7.6 AI score · 0.00832 EPSS
Exploits 0 · References 9

OSV
added 2021/12/28 11:15 a.m. · 4 views

CVE-2021-35031

A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device...

8 CVSS · 7.5 AI score · 0.00463 EPSS
Exploits 0 · References 1

Cvelist
added 2021/12/28 10:42 a.m. · 17 views

CVE-2021-35032

A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call...

6.4 CVSS · 7.8 AI score · 0.00213 EPSS
Exploits 0 · References 1

OSV
added 2021/12/08 11:15 a.m. · 2 views

CVE-2021-42757

A buffer overflow (CWE-121) in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments...

6.7 CVSS · 6.5 AI score · 0.00479 EPSS
Exploits 0 · References 1

Cvelist
added 2021/12/08 11:1 a.m. · 17 views

CVE-2021-42757

A buffer overflow (CWE-121) in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2 may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments...

6.7 CVSS · 7.2 AI score · 0.00479 EPSS
Exploits 0 · References 1

OSV
added 2021/11/17 7:15 p.m. · 1 view

CVE-2021-33106

Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8 CVSS · 7.1 AI score · 0.00238 EPSS
Exploits 0 · References 1

OSV
added 2021/11/12 11:15 p.m. · 1 view

CVE-2021-36325

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

6.7 CVSS · 7.1 AI score
Exploits 0 · References 1

CNNVD
added 2021/11/03 12:0 a.m. · 1 view

Huawei Cloudengine 5800 Security Vulnerability

The Huawei Cloudengine 5800 is a 5800 series data center switch from Huawei of China. The Huawei Cloudengine 5800 is vulnerable to a privilege permission and access control issue, which stems from a lack of privilege restrictions, and an authenticated local attacker could perform specific actions...

7.8 CVSS · 5.5 AI score · 0.00172 EPSS
Exploits 0 · References 4