CVE-2024-25139

In TP-Link Omada er605 1.0.1 through v2.6 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in...

PT-2024-2555 · Tp Link · Tp-Link Omada Er605

Name of the Vulnerable Software and Affected Versions: TP-Link Omada er605 versions 1.0.1 through 2.2.3 Description: The issue is caused by an integer overflow in the cloud-brd binary, leading to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the conte...

CVE-2023-45591

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...

VulnCheck KEV: CVE-2022-24989

TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. Shell metacharacters can be placed in raidtype because popen is used without any...

The vulnerability of the xorg-x11-server package, related to the use of memory after it is freed during the processing of Button Action objects, allows for increasing privileges and executing arbitrary code in the root context.

The vulnerability of the xorg-x11-server package is related to the use of memory after it is freed during the processing of Button Action objects. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code in the root context...

AZL-43540 CVE-2023-6395 affecting package python-templated-dictionary 1.1-6

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

UBUNTU-CVE-2023-6395

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

PT-2024-1093 · D Link · Dcs-8300Lhv2

Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: The issue is related to a stack-based buffer overflow vulnerability in the handling of the SetHostName ONVIF call. This vulnerability allows network-adjacent attackers to execut...

D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

PT-2024-1089 · D Link · D-Link Dcs-8300Lhv2

Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploi...

PT-2024-1090 · D Link · D-Link Dcs-8300Lhv2

Name of the Vulnerable Software and Affected Versions: D-Link DCS-8300LHV2 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. The specific flaw exists within the handling ...

Bosch Nexo cordless nutrunner security breach

Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to access sensitive data within the export package or perform remote...

CVE-2023-6339 Google Nest WiFi Pro root code-execution & user-data compromise

Google Nest WiFi Pro root code-execution & user-data compromise...

Google Nest Security Breach

Google Nest is a smart home product from Google, Inc. in the United States. Google Nest has a security vulnerability that stems from root code execution and user data leakage...

SUSE CVE-2023-51589

BlueZ Audio Profile AVRCP parsemediaelement Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability ...

PT-2023-7106 · NetGear · Netgear Cax30

Name of the Vulnerable Software and Affected Versions: NETGEAR CAX30 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. The specific flaw exists within the sso binary, resulting fr...

PT-2023-9544 · Cisco · Cisco Small Business Rv042G +3

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, Administrator-level, remote attacker to execute...

CVE-2023-20196

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of...

CVE-2023-20195

Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of...

PT-2023-7119 · Cisco · Cisco Ise

Name of the Vulnerable Software and Affected Versions: Cisco ISE affected versions not specified Description: The issue is related to improper validation of files uploaded to the web-based management interface, allowing an authenticated, remote attacker to upload arbitrary files to an affected...