CVE-2024-9050

A flaw was found in the libreswan client plugin for NetworkManager NetkworkManager-libreswan, where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading t...

CVE-2024-20520

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVE-2024-20521

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVE-2024-20519

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit this vulnerability, an attacker would need to have valid...

CVE-2024-23924

Alpine Halo9 UPDMwemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The...

Cisco NX-OS Software 安全漏洞

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software has an authorization issue vulnerability that stems from insufficient security restrictions when executing commands from the Bash shell. An attacker...

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

SUSE CVE-2024-7539

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The...

SUSE CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

DEBIAN-CVE-2024-7541

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

DEBIAN-CVE-2024-7542

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

DEBIAN-CVE-2024-7538

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

DEBIAN-CVE-2024-7537

oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

PT-2024-20209 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to compromise transport security on affected installations. Authentication is not required to exploit this issue. The specific fla...

PT-2024-20183 · Pioneers · Pioneer Dmh-Wt7600Nex

Name of the Vulnerable Software and Affected Versions: Pioneer DMH-WT7600NEX affected versions not specified Description: This issue allows network-adjacent attackers to create arbitrary files on affected installations. Although authentication is required to exploit this, the existing...

PT-2024-20206 · Chargepoint · Chargepoint Home Flex

Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exist...

PT-2024-30979 · Apple · Macos Sonoma +1

Name of the Vulnerable Software and Affected Versions: macOS Sonoma versions prior to 14.6 Description: The issue allows a person with physical access to an unlocked Mac to potentially gain root code execution. This is achieved through a specific exploit that does not require user interaction...

PT-2024-20181 · Alpine · Alpine Halo9

Name of the Vulnerable Software and Affected Versions: Alpine Halo9 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...

PT-2024-37481 · Wyze · Wyze Cam V3

Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices without authentication. The vulnerability stems from a stack-based buffer overflow within the...

(Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability

This vulnerability allows physically present attackers to bypass signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. Th...