Google Nest Security Breach
Google Nest is a smart home product from Google, Inc. in the United States. Google Nest has a security vulnerability that stems from root code execution and user data leakage...
SUSE CVE-2023-51589
BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability ...
PT-2023-7106 · NetGear · Netgear Cax30
Name of the Vulnerable Software and Affected Versions: NETGEAR CAX30 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. The specific flaw exists within the sso binary, resulting fr...
PT-2023-9544 · Cisco · Cisco Small Business Rv042G +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers (affected versions not specified). Description: A vulnerability in the web-based management interface could allow an authenticated, Administrator-level, remote attacker to execute...
PT-2023-9642 · Cisco · Cisco Small Business Rv340W +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, versions prior to 1.0.03.29. Description: A vulnerability in the web-based management interface of the affected devices could allow an authenticated, remote...
CVE-2023-20196
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of...
CVE-2023-20195
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of...
PT-2023-7119 · Cisco · Cisco Ise
Name of the Vulnerable Software and Affected Versions: Cisco ISE (affected versions not specified). Description: The issue is related to improper validation of files uploaded to the web-based management interface, allowing an authenticated, remote attacker to upload arbitrary files to an affected...
ABUS TVIP Security Vulnerability
ABUS TVIP is a series of video surveillance cameras from the German company ABUS. A security vulnerability exists in ABUS TVIP that stems from the presence of path traversal, which allows an attacker to write to a file to arbitrarily execute code with root privileges...
CVE-2023-44959
An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page...
CVE-2023-43478
fakeupload.cgi on the Telstra Smart Modem Gen 2 Arcadyan LH1000, firmware versions 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution ...
PT-2023-28838 · Telstra · Telstra Smart Modem Gen 2
Name of the Vulnerable Software and Affected Versions: Telstra Smart Modem Gen 2 Arcadyan LH1000, versions prior to 0.18.15r. Description: The issue allows unauthenticated attackers to upload firmware images and configuration backups, potentially leading to code execution as root. This could enable...
D-Link DAP-2622 DDP Set SSID List RADIUS Server Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...
CVE-2023-41028
A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root...
CVE-2023-33469
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect 2 and VIA Go 2 devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level...
PT-2023-26965 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server (affected versions not specified). Description: This issue allows remote attackers to create directories on affected installations, despite requiring authentication to exploit. The flaw exists within the handlin...
PT-2023-26966 · Softing · Softing Secure Integration Server
Name of the Vulnerable Software and Affected Versions: Softing Secure Integration Server (affected versions not specified). Description: This issue allows remote attackers to create arbitrary files on affected installations, despite requiring authentication, which can be bypassed. The flaw exists...
FreeBSD Security Vulnerabilities
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD versions 13.1 and 13.2, which stems from a buffer overflow vulnerability in the fwctl driver state machine. The vulnerability can be exploited to execute arbitrary code as root ...
PT-2023-7954 · D Link · D-Link G416
Name of the Vulnerable Software and Affected Versions: D-Link G416 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. The specific flaw exists within the HTTP service...
PT-2023-7956 · D Link · D-Link G416
Name of the Vulnerable Software and Affected Versions: D-Link G416 (affected versions not specified). Description: The issue is related to a command injection vulnerability in the flupl pythonmodules of D-Link G416 wireless routers. This vulnerability allows network-adjacent attackers to execute...