Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...

CVE-2024-36359

A cross-site scripting XSS vulnerability in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order ...

CVE-2023-44247

A double free vulnerability CWE-415 vulnerability in Fortinet FortiOS 6.4 all versions may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests...

(Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2024-24910

A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target...

The vulnerability of the Graphics component in Linux microsoftware in embedded Qualcomm chips allows a hacker to execute arbitrary code with elevated privileges.

The vulnerability of the Graphics component in Linux microprogramming software in Qualcomm embedded chips is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...

CVE-2023-52331

A post-authenticated server-side request forgery SSRF vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Input validation

An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...

Server side request forgery (ssrf)

A post-authenticated server-side request forgery SSRF vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to...

PAN-OS: OS Command Injection Vulnerability in the Web Interface

An OS command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall. Work around: This issue requires the attacker to have authenticated access...

CVE-2023-28797

Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user...

Zscaler Client Connector Backlink Vulnerability

Zscaler Client Connector is an application from zscaler. An application that is installed on a device to ensure that Internet traffic and access to an organization's internal applications are secure and in compliance with the organization's policies, even when not on the corporate network. A...

PT-2023-22936 · Unknown · Hdcp Trustlet

Name of the Vulnerable Software and Affected Versions: HDCP trustlet versions prior to SMR Oct-2023 Release 1 Description: The issue is a stack-based buffer overflow that allows local privileged attackers to perform code execution. This can be exploited by attackers to execute malicious code...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2023-013 (ALASFIREFOX-2023-013)

The version of firefox installed on the remote host is prior to 102.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-013 advisory. Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian...

(Pwn2Own) Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the...

Aruba Networks InstantOS 安全漏洞

Aruba Networks InstantOS is an Arch Linux-based distribution from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks InstantOS and ArubaOS 10, which stems from a buffer overflow vulnerability in the underlying service that can be exploited by an attacker to execute arbitrary...

Aruba Networks InstantOS 安全漏洞

Aruba Networks InstantOS is an Arch Linux-based distribution from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks InstantOS and ArubaOS 10, which stems from a buffer overflow vulnerability in the underlying service that can be exploited by an attacker to execute arbitrary...

Aruba Networks InstantOS 安全漏洞

Aruba Networks InstantOS is an Arch Linux-based distribution from Aruba Networks, Inc. A security vulnerability exists in Aruba Networks InstantOS and ArubaOS 10, which stems from a buffer overflow vulnerability in the underlying service that can be exploited by an attacker to execute arbitrary...

CVE-2022-42430

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlanconfig data...

UBUNTU-CVE-2022-42432

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...