CVE-2021-26730

A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVE-2021-26729

Command injection and multiple stack-based buffer overflows vulnerabilities in the Loginhandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

Aruba Networks ClearPass Policy Manager 安全漏洞

Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability in Aruba Networks ClearPass Policy Manager version 6.10.6 and earlier, 6.9.11 and earlier, which originates from allowing a...

DEBIAN-CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

Device42 参数注入漏洞

Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A parameter injection vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a Change Secret username field used in the discovery...

PT-2022-5529 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can b...

PT-2022-5480 · Tp Link · Tp-Link Tl-Wr841N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841N versions TL-WR841NUS V14 220121 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this...

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-34891

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-34901

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-34892

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

UBUNTU-CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

PT-2022-5537 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: The issue is related to the handling of SetWebFilterSetting requests in the web management portal of D-Link DIR-1935 routers. Specifically, when parsing the WebFilterURLs element, the process does not...

UBUNTU-CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root...

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker could use this vulnerability to upload a specially created configuration that interrupts system processes and executes arbitrary code...

CVE-2022-30234

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...

PT-2022-13923 · Hestiacp · Hestiacp

Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.5.12 Description: The issue allows an authenticated remote attacker with low privileges to execute arbitrary code under root context. This is due to a command injection vulnerability in the GitHub...

TotoLink EX300 命令注入漏洞

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 version has a command injection vulnerability, which can be exploited by attackers to remotely execute code as root via MitM attack...

TotoLink EX300 命令注入漏洞

TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 is vulnerable to command injection, which can be exploited by unauthenticated attackers to remotely execute code as root via MitM attack...