148 matches found
PT-2024-16531 · Sick Ag +1 · Sick Inspectorp61X +4
Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: The product is vulnerable to remote code execution due to missing input validation during one step of the firmware update process. An attacker with network access and the user level "Servic...
Asterisk AMI Originate Authenticated RCE
On Asterisk, prior to versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with 'write=originate' may change all configuration files in the '/etc/asterisk/' directory. Writing a new extension can be created which performs a system command to...
CVE-2018-9349
In mverrcost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation...
ROS-20241029-14
The vulnerability in the Podman OCI container management and launching software tool is related to issues with the symbolic link issues when running a malicious image using the automatically assigned user namespace --userns=auto. Exploitation of the vulnerability could allow an attacker to create...
Microweber CMS 1.2.10 Local File Inclusion (Authenticated)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microweber CMS v1.2.10 Local File Inclusion Authenticated', 'Description' = %q Microweber CMS v1.2.10 has a backup functionality. Upload and...
ROS-20240814-05
A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Thunderbird email client of Windows operating systems is related to insufficient input data validation. Exploitatio...
CVE-2024-20067
In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462...
CVE-2024-25996
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-25996
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
Remote code execution
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-25996
CVE-2024-25996 affects PHOENIX CONTACT CHARX SEC devices (CHARX SEC-3000 family). The root cause is an origin validation error that enables an unauthenticated remote attacker to execute arbitrary code remotely. Impact is remote code execution with high severity; exploit appears network-proximate ...
CVE-2024-25996 PHOENIX CONTACT: Remote code execution due to an origin validation error in CHARX Series
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user...
CVE-2024-20721 T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words
Acrobat Reader T5 MSFT Edge versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue...
CVE-2023-21176
In listkeyentries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...
CVE-2023-25187
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change factory-time installed default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server disable...
ROS-20230420-03
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries when checking the number of available bytes of regulated threads. operation exceeds buffer boundaries in memory when checking the number of available...
PUB-A-246749764
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation...
SUSE CVE-2011-1551
SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon...
SUSE CVE-2016-6829
The trove service user in 1 Openstack deployment aka crowbar-openstack and 2 Trove Barclamp aka barclamp-trove and crowbar-barclamp-trove in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...
PUB-A-227203202
In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation...