SUSE CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

SUSE CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

SUSE CVE-2022-23123

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of...

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root...

PT-2023-13410 · Dell · Powerpath Management Appliance

Name of the Vulnerable Software and Affected Versions: PowerPath Management Appliance version 3.3 Description: The issue allows an authenticated admin user to potentially exploit it and gain unrestricted control or code execution on the system as root. This is a privilege escalation issue...

CVE-2022-40717

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

D-Link DIR-2150 缓冲区错误漏洞

D-Link DIR-2150 is a wireless router device from D-Link. D-Link DIR-2150c is vulnerable to a buffer overflow, which can be exploited by attackers to execute code in the root context...

PT-2023-2730 · NetGear · Netgear Rax30

Name of the Vulnerable Software and Affected Versions: NETGEAR RAX30 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this issue, t...

PT-2023-3438 · NetGear · Netgear Routers

Name of the Vulnerable Software and Affected Versions: NETGEAR Multiple Routers affected versions not specified Description: This issue allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. The specific flaw...

CVE-2022-29843 Western Digital My Cloud OS 5 devices Command Injection Vulnerability

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user...

PT-2023-3459 · Western Digital · Western Digital My Cloud Os 5

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.26.300 Description: The issue is related to a post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices. This could allow an attacker to execute code ...

Lewei Innovation Technology LW9621 缓冲区错误漏洞

The Lewei Innovation Technology LW9621 is a wireless video transmission module camera board from Lewei Innovation Technology China. A security vulnerability exists in the Lewei Innovation Technology LW9621 firmware version 2.0.10, which can be exploited to allow an attacker to remotely execute co...

PT-2022-7388 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: This issue allows local attackers to downgrade Parallels software on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target...

xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

CVE-2021-26730

A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVE-2021-26729

Command injection and multiple stack-based buffer overflows vulnerabilities in the Loginhandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

Aruba Networks ClearPass Policy Manager 安全漏洞

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability in Aruba Networks ClearPass Policy Manager version 6.10.6 and earlier, 6.9.11 and earlier, which originates from allowing a...

DEBIAN-CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

Device42 参数注入漏洞

Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A parameter injection vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a Change Secret username field used in the discovery...