CVE-2023-42134
PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2023-42134
CVE-2023-42134 and CVE-2023-42135 affect PAX Android PoS devices (e.g., A920Pro/A50) and enable local code execution as root via kernel parameter injection in fastboot on affected PayDroid builds before 20230614; CVE-2023-42136 and CVE-2023-42137 enable privilege escalation via shell injection in...
GLSA-202401-21 : KTextEditor: Arbitrary Local Code Execution
The remote host is affected by the vulnerability described in GLSA-202401-21 (KTextEditor: Arbitrary Local Code Execution). The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a...
DEBIAN-CVE-2021-3600
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32-bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...
CVE-2023-7224
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable...
CVE-2023-50445
Shell injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the getsystemlog and...
CVE-2023-42566
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code...
Medium: wireshark
Issue Overview: A heap-based buffer overflow in Wireshark's NetScreen file parser may lead to local arbitrary code execution via a crafted capture file (CVE-2023-6175). Affected Packages: wireshark. Note: This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...
CVE-2023-4931
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll,...
OESA-2023-1847 wireshark security update
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: A heap-based buffer overflow was found in Wireshark's NetScreen file parser. This issue may allow loc...
CVE-2023-6045
OpenHarmony v3.2.2 and prior versions allow a local attacker to achieve arbitrary code execution in pre-installed apps through type confusion...
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...
PT-2023-30726 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy version 4.0.3 Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within the "/equipment/" component. Recommendations: For Grocy version 4.0.3...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
CVE-2023-43580
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...
PT-2023-28867 · Lenovo · Smuv11Dxe
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products (affected versions not specified). Description: A buffer overflow was reported in the SmuV11Dxe driver that may allow a local attacker with elevated privileges to execute arbitrary code. Recommendations: At the moment,...
PT-2023-28861 · Lenovo · Lemalldriversconnectedeventhook
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products (affected versions not specified). Description: A buffer overflow was reported in the LEMALLDriversConnectedEventHook module that may allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2023-42535
Out-of-bounds Write in readblock of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
CVE-2023-42528
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2023 Release 1, which originates from an out-of-bounds write in the readblo...