CVE-2023-31168 Inclusion of Functionality from Untrusted Control Sphere

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors...

CVE-2023-41738

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVE-2023-41738

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

Command injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors...

CVE-2023-41738

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVE-2023-41738

CVE-2023-41738 impacts Synology Router Manager (SRM) prior to 1.3.1-9346-6, within the Directory Domain Functionality. The issue is described as an OS Command Injection caused by improper neutralization of special elements used in operating system commands, allowing remote authenticated users to ...

Occasional EPA scan failures may occur due to incomplete downloading of the Client EPA plugin

Occasional failures in downloading the Client EPA plugin can result in the EPA scan not functioning properly...

CVE-2023-41039 Sandbox escape via various forms of "format" in RestrictedPython

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...

CVE-2023-41039 Sandbox escape via various forms of "format" in RestrictedPython

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...

CVE-2023-41039

RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to...

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of...

CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Mitigation /etc/sudoers within the container should use the securepath option to prevent the PATH environment variable...

CVE-2023-40195

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

CVE-2023-40195

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

Deserialization of untrusted data

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

PYSEC-2023-156

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

CVE-2023-40195

CVE-2023-40195 describes a deserialization-based RCE in the Apache Airflow Spark Provider. When the Spark provider is installed, an Airflow user authorized to configure Spark hooks can point a Spark client at a malicious Spark server, allowing arbitrary Java method execution on the Airflow node v...

SICK LMS5xx 信任管理问题漏洞

The SICK LMS5xx is a series of sensors from SICK, Germany. A security vulnerability exists in the SICK LMS5xx that stems from the use of hard-coded credentials, which could allow an unauthorized, remote attacker to reconfigure settings and/or disrupt the functionality of the device...