
90 matches found

CNNVD
added 2025/01/06 12:0 a.m. | 2 views

Qualcomm Chipsets Resource Management Error Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption that occurs when processing frame command IOCTL calls...

7.8 CVSS | 7 AI score | 0.00128 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2024/11/26 12:0 a.m. | 1 views

The vulnerability of the visualization and industrial process management system mySCADA myPRO Runtime and the mySCADA myPRO Manager lies in the lack of authentication for a critical function, allowing attackers to bypass the authentication process.

The vulnerability of the industrial process visualization and control systems mySCADA myPRO and mySCADA myPRO Manager lies in the lack of authentication for a critical function used in the operating system’s command interface. Exploiting this vulnerability could allow an attacker to bypass the...

10 CVSS | 5.5 AI score | 0.00751 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

RedhatCVE
added 2024/06/20 5:59 p.m. | 25 views

CVE-2024-38555

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...

4.4 CVSS | 7.2 AI score | 0.00258 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2024/06/19 2:15 p.m. | 15 views

CVE-2024-38555

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...

7.8 CVSS | 6.4 AI score | 0.00258 EPSS
Exploits: 0 | References: 20

Cvelist
added 2024/06/19 1:35 p.m. | 21 views

CVE-2024-38555 net/mlx5: Discard command completions in internal error

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...

0.00258 EPSS
Exploits: 0 | References: 7

Vulnrichment
added 2024/06/19 1:35 p.m. | 15 views

CVE-2024-38555 net/mlx5: Discard command completions in internal error

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...

7 AI score | 0.00258 EPSS
Exploits: 0 | References: 7

SUSE CVE
added 2024/03/28 4:15 a.m. | 1 views

SUSE CVE-2023-52624

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands. Why: DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. How: Add dc_wake_and_execute_gpint to wrap the wake,...

5.5 CVSS | 7.7 AI score | 0.00368 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2024/03/14 12:0 a.m. | 3 views

PT-2024-22423 · Unknown · Webedition Cms

Name of the Vulnerable Software and Affected Versions: Webedition CMS version 9.2.2.0. Description: The issue is related to a File upload vulnerability. This vulnerability can be exploited via the /webEdition/we_cmd.php API endpoint. Recommendations: For Webedition CMS version 9.2.2.0, as a...

6.5 CVSS | 6.6 AI score | 0.0044 EPSS
Exploits: 1 | References: 7

OSV
added 2023/11/28 2:15 a.m. | 2 views

CVE-2023-37925

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

5.5 CVSS | 5.8 AI score | 0.00218 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2023/10/14 12:0 a.m. | 1 views

The vulnerability of the command-line interface of the Fortinet FortiManager device and the FortiAnalyzer network switch allows a perpetrator to execute arbitrary commands.

The vulnerability of the command-line interface of the Fortinet FortiManager device management system, as well as the FortiAnalyzer network switch, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow attackers to execute arbitrary commands...

7.8 CVSS | 7 AI score | 0.01336 EPSS
Exploits: 1 | References: 3 | Affected Software: 2

OSV
added 2023/08/17 1:15 p.m. | 3 views

CVE-2023-38902

A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...

8.8 CVSS | 6.1 AI score | 0.02187 EPSS
Exploits: 1 | References: 1

RedHat Linux
added 2023/05/16 8:56 a.m. | 1 views

kernel: net/mlx5: Fix possible use-after-free in async command interface

A flaw was found in the net/mlx5 subsystem of the Linux kernel where a race condition in the asynchronous command interface can lead to a use-after-free condition. The function mlx5_cmd_cleanup_async_ctx may return before all callback handlers have completed, allowing the context to be freed while...

5.7 AI score | 0.002 EPSS
Exploits: 0 | References: 5

OSV
added 2022/11/14 7:11 p.m. | 9 views

GSD-2022-1007165 net/mlx5: Fix possible use-after-free in async command interface

net/mlx5: Fix possible use-after-free in async command interface This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.153 by commit...

7.4 AI score
Exploits: 0

OSV
added 2022/11/14 6:26 p.m. | 10 views

GSD-2022-1006618 net/mlx5: Fix possible use-after-free in async command interface

net/mlx5: Fix possible use-after-free in async command interface This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...

7.4 AI score
Exploits: 0

Positive Technologies
added 2022/11/14 12:0 a.m. | 2 views

PT-2022-35193 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.77 Description: The issue is related to a possible use-after-free in the async command interface of net/mlx5. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...

7.3 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2022/09/14 12:0 a.m. | 2 views

PT-2022-6638 · Cisco · Cisco Network Convergence System (Ncs) 4000 Series +1

Name of the Vulnerable Software and Affected Versions: Cisco Network Convergence System NCS 4000 Series affected versions not specified Description: The issue is related to the TL1 function of the Cisco Network Convergence System NCS 4000 Series, which is associated with uncontrolled memory...

6 CVSS | 7.1 AI score | 0.00175 EPSS
Exploits: 0 | References: 7

OSV
added 2022/08/24 4:15 p.m. | 2 views

DEBIAN-CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

7.8 CVSS | 7.5 AI score | 0.0031 EPSS
Exploits: 0 | References: 1

CNNVD
added 2022/07/11 12:0 a.m. | 4 views

sphere Path Traversal Vulnerability

sphere is a Python library that implements the Brain Command Interface System by the individual developer Noam Ezekiel. A security vulnerability exists in sphere version 2020-05-31 and earlier, which stems from an incorrect call to Flask's send_file function that results in absolute path traversal...

9.3 CVSS | 8.3 AI score | 0.01118 EPSS
Exploits: 1 | References: 2

BDU FSTEC
added 2022/04/21 12:0 a.m. | 5 views

The vulnerability of the command interface of Cisco IP Phone microprogramming software arises due to an incorrect restriction on the path to the restricted access directory. This allows a malicious individual to read any file in the device’s file system.

The vulnerability of the command interface of Cisco IP Phone microprogramming software exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow an attacker to read any file in the device’s file system...

5.5 CVSS | 5.9 AI score | 0.00258 EPSS
Exploits: 0 | References: 2

BDU FSTEC
added 2022/03/04 12:0 a.m. | 3 views

The vulnerability of the zsh shell’s command interface, related to the failure to take measures to neutralize special elements, allows a hacker to execute arbitrary commands.

The vulnerability of the zsh shell lies in the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS | 7.5 AI score | 0.0198 EPSS
Exploits: 0 | References: 11 | Affected Software: 4