CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

DEBIAN-CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

CVE-2022-24352

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the...

Vulnerabilities fixed in Cisco Access Points

Cisco has fixed vulnerabilities in several access points. A malicious party could exploit the vulnerabilities to cause a denial-of-service on the vulnerable system, or to execute arbitrary code as root. To execute arbitrary code, the malicious party needs need prior authentication on the command...

The vulnerability of FortiWeb web applications’ network firewalls arises from the failure to take measures to neutralize special elements used in the operating system’s command line. This allows attackers to execute arbitrary code with root user privileges.

The vulnerability of FortiWeb web applications’ network firewalls exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges by sending...

Debian: Security Advisory (DLA-751-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution...

SUSE CVE-2018-6533

An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code a larger...

SUSE CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

SUSE CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root...

PT-2023-13410 · Dell · Powerpath Management Appliance

Name of the Vulnerable Software and Affected Versions: PowerPath Management Appliance version 3.3 Description: The issue allows an authenticated admin user to potentially exploit it and gain unrestricted control or code execution on the system as root. This is a privilege escalation issue...

CVE-2022-40717

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

D-Link DIR-2150 缓冲区错误漏洞

D-Link DIR-2150 is a wireless router device from D-Link. D-Link DIR-2150c is vulnerable to a buffer overflow, which can be exploited by attackers to execute code in the root context...

PT-2023-2730 · NetGear · Netgear Rax30

Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this issue, t...

PT-2023-3438 · NetGear · Netgear Routers

Name of the Vulnerable Software and Affected Versions: NETGEAR Multiple Routers affected versions not specified Description: This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. The specific flaw...

CVE-2022-29843 Western Digital My Cloud OS 5 devices Command Injection Vulnerability

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user...

PT-2023-3459 · Western Digital · Western Digital My Cloud Os 5

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices. This could allow an attacker to execute code ...