Lucene search

1614 matches found

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-3750 · Unknown · Opupi0 Amqp/Mqtt

Name of the Vulnerable Software and Affected Versions: OPUPI0 AMQP/MQTT versions prior to V5.30
Description: A vulnerability has been identified that allows an attacker with remote shell access or physical access to retrieve credentials due to insufficient protection of stored MQTT client...

6 CVSS · 6.5 AI score · 0.00119 EPSS
Exploits 2 · References 6

OSV
added 2024/05/02 2:15 p.m. · 2 views

CVE-2024-34146

Jenkins Git server Plugin 114.v068ac7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 2

Cvelist
added 2024/04/26 2:26 a.m. · 9 views

CVE-2024-4163 Privilege Escalation on Skylab IIoT Gateway (IGX)

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal IGX. However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe...

8 CVSS · 7.9 AI score · 0.00082 EPSS
Exploits 0 · References 1

OSV
added 2024/04/19 3:15 p.m. · 3 views

CVE-2024-3646

A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the instance when configuring the chat integration. Exploitation of this vulnerability required access to the GitHub...

7.2 CVSS · 5.8 AI score · 0.00474 EPSS
Exploits 0 · References 4

UbuntuCve
added 2024/04/05 4:15 p.m. · 19 views

CVE-2023-48426

u-boot bug that allows for u-boot shell and interrupt over UART...

10 CVSS · 5.8 AI score · 0.00105 EPSS
Exploits 0 · References 2

CNNVD
added 2024/03/22 12:0 a.m. · 2 views

KDDI HGW BL1500HM Security Vulnerability

The KDDI HGW BL1500HM is a home router from KDDI Japan. A security vulnerability exists in HGW BL1500HM 002.001.013 and earlier versions, which stems from a vulnerability that allows an attacker to connect to the product via SSH and using a shell...

6.5 CVSS · 8.5 AI score · 0.00035 EPSS
Exploits 0 · References 4

CNNVD
added 2024/03/20 12:0 a.m. · 3 views

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.8.0 and later versions, which...

8 CVSS · 6.9 AI score · 0.00819 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/03/20 12:0 a.m. · 2 views

PT-2024-20491 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.8.0 through 3.12.0
Description: An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This issue was reported via the GitHub Bug Bounty...

8 CVSS · 8.4 AI score · 0.00819 EPSS
Exploits 0 · References 9

Vulnrichment
added 2024/03/13 11:15 a.m. · 9 views

CVE-2024-2414 Unprotected Primary Channel vulnerability in Movistar 4G router

The primary channel is unprotected on Movistar 4G router affecting E version SWLD71-T1v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges...

8.8 CVSS · 8.7 AI score · 0.00087 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/02/27 12:0 a.m. · 42 views

MikroTik RouterOS Path Traversal (CVE-2019-3976)

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. This...

8.8 CVSS · 8.1 AI score · 0.01418 EPSS
Exploits 0 · References 2

CNNVD
added 2024/02/14 12:0 a.m. · 1 views

F5 BIG-IP and F5 BIG-IQ Security Vulnerabilities

F5 BIG-IP and F5 BIG-IQ are both products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ is a software-based cloud management solution. The solution supports the...

6.7 CVSS · 7.4 AI score · 0.00069 EPSS
Exploits 0 · References 3

CNNVD
added 2024/02/13 12:0 a.m. · 2 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

9.1 CVSS · 7.5 AI score · 0.03623 EPSS
Exploits 0 · References 5

CNNVD
added 2024/02/13 12:0 a.m. · 1 views

GitHub Enterprise Server Command Injection Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stems from the presence of...

9.1 CVSS · 7.5 AI score · 0.00584 EPSS
Exploits 0 · References 5

OSV
added 2024/02/06 8:16 p.m. · 2 views

CVE-2024-22239

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access...

7.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Prion
added 2024/02/06 8:16 p.m. · 19 views

Privilege escalation

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access...

4.3 CVSS · 7.7 AI score · 0.00074 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/02/06 7:37 p.m. · 3 views

CVE-2024-22239

Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access...

5.3 CVSS · 6.8 AI score · 0.00074 EPSS
Exploits 0 · References 1

CVE
added 2024/02/06 7:37 p.m. · 64 views

CVE-2024-22239

CVE-2024-22239 affects VMware Aria Operations for Networks (formerly vRealize Network Insight). The vulnerability is a local privilege escalation where a console user with access can escalate privileges to obtain a regular shell. VMware’s VMSA-2024-0002 details this alongside four related CVEs (2...

7.8 CVSS · 8.1 AI score · 0.00074 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/02/06 5:15 p.m. · 17 views

CVE-2023-36498

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

7.2 CVSS · 7.3 AI score · 0.00752 EPSS
Exploits 1 · References 2

OSV
added 2024/02/06 5:15 p.m. · 2 views

CVE-2023-36498

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

7.2 CVSS · 5.9 AI score · 0.00752 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2024/01/17 12:0 a.m. · 35 views

Dell iDRAC7 Injection (CVE-2016-5685)

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

9 CVSS · 8 AI score · 0.00612 EPSS
Exploits 0 · References 3