280 matches found

CVE
added 2023/09/29 12:0 a.m. · 54 views

CVE-2022-35908

The CVE-2022-35908 affects Cambium Enterprise Wi‑Fi System Software prior to 6.4.2. Root cause: the device-agent does not sanitize the ping host argument. Impact is described as high (C, I, A all high) with Network attack vector and no user interaction required. Remediation: upgrade to version 6....

CVSS 8.8 · AI score 8.6 · EPSS 0.00421
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/09/15 3:15 a.m. · 12 views

CVE-2023-3891

Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system...

CVSS 7 · AI score 7
Exploits 0 · References 3

Positive Technologies
added 2023/08/11 12:0 a.m. · 3 views

PT-2023-23866 · Intel · Intel(R) Its

Name of the Vulnerable Software and Affected Versions: Intel(R) ITS software versions prior to 3.1. Description: The issue is related to incorrect default permissions in the Intel(R) ITS software, which may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 · AI score 7.6 · EPSS 0.00052
Exploits 0 · References 4

Tenable Nessus
added 2023/07/25 12:0 a.m. · 20 views

Cisco Nexus Series Switches CLI Command Injection (CVE-2017-6649)

A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could...

CVSS 7.8 · AI score 7.7 · EPSS 0.00577
Exploits 0 · References 4

IBM Security Bulletins
added 2023/04/13 5:5 p.m. · 38 views

Security Bulletin: Vulnerability Identified in Cloud Pak System (CVE-2020-4914)

Summary: Invalidate session vulnerability identified in IBM Cloud Pak System UI and REST API at logout. IBM Cloud Pak System has addressed the vulnerability. Vulnerability Details: CVEID: CVE-2020-4914. DESCRIPTION: IBM Cloud Pak System does not invalidate session after logout which could allow a local...

CVSS 5.5 · AI score 4.6 · EPSS 0.00073
Exploits 0 · Affected Software 1

Tenable Nessus
added 2023/04/11 12:0 a.m. · 26 views

Siemens SCALANCE Command Injection (CVE-2021-37721)

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and...

CVSS 9 · AI score 7.2 · EPSS 0.04739
Exploits 0 · References 4

Tenable Nessus
added 2023/04/11 12:0 a.m. · 24 views

Siemens SCALANCE Command Injection (CVE-2021-37718)

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS...

CVSS 9 · AI score 7.2 · EPSS 0.04739
Exploits 0 · References 4

Tenable Nessus
added 2023/04/11 12:0 a.m. · 23 views

Siemens SCALANCE Command Injection (CVE-2021-37723)

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software versions: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability. This plugin only works with Tenable.ot. Please visit...

CVSS 9 · AI score 7.2 · EPSS 0.04632
Exploits 0 · References 4

IBM Security Bulletins
added 2023/03/31 2:4 p.m. · 46 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 for Linux, UNIX and Windows affect Cloud Pak System (CVE-2022-22389, CVE-2022-22390)

Summary: IBM Db2 for Linux, UNIX and Windows is shipped with Cloud Pak System PSM and as PatternType pType. Cloud Pak System has addressed vulnerabilities. Vulnerability Details: CVEID: CVE-2022-22389. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to ...

CVSS 7.5 · AI score 7.2 · EPSS 0.00529
Exploits 0 · Affected Software 1

Veracode
added 2023/02/03 11:1 p.m. · 41 views

Use-after-free

kernel is vulnerable to Use-after-free. A user is able to trigger concurrent calls of PCM hwparams and hwfree ioctls causing race condition to happen inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system...

CVSS 7 · AI score 7 · EPSS 0.00025
Exploits 0 · References 10 · Affected Software 2

OSV
added 2022/08/10 11:15 a.m. · 1 views

CVE-2022-2242

The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled by default...

CVSS 9.8 · AI score 7.3 · EPSS 0.00349
Exploits 0 · References 1

IBM Security Bulletins
added 2022/08/08 8:28 a.m. · 103 views

Security Bulletin: Vulnerabilities in Spring Framework affect IBM Cloud Pak System (CVE-2022-22965, CVE-2020-5421)

Summary: IBM Cloud Pak System is affected by a remote code execution in Spring Framework CVE-2022-22965 and CVE-2020-5421. IBM Cloud Pak System ships with AWS component that includes it but is not used by it. The fix removes Spring from the product. This security bulletin service applies to IBM...

CVSS 9.8 · AI score 9.5 · EPSS 0.94439
Exploits 101 · Affected Software 1

OSV
added 2022/05/26 5:15 p.m. · 1 views

CVE-2021-33014

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1

Prion
added 2022/04/12 9:15 a.m. · 19 views

Improper access control

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal V15 All versions, SIMATIC STEP 7 TIA Portal V16 All versions V16 Update 5, SIMATIC STEP 7 TIA Portal V17 All versions V17 Update 2. An attacker could achieve privilege escalation on the web server of certain devices due to improper...

CVSS 7.2 · AI score 7.7 · EPSS 0.00038
Exploits 0 · References 1 · Affected Software 1

VulnCheck KEV
added 2022/03/03 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2018-0151

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges...

CVSS 10 · AI score 7.6 · EPSS 0.05855
Exploits 0 · References 1

OSV
added 2021/12/21 12:15 p.m. · 1 views

CVE-2021-45253

The id parameter in viewstorage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted...

CVSS 9.8 · AI score 5.8 · EPSS 0.00264
Exploits 1 · References 1

Positive Technologies
added 2021/09/14 12:0 a.m. · 2 views

PT-2021-4687 · Canonical +1 · Apport +2

Name of the Vulnerable Software and Affected Versions: apport versions prior to 2.14.1-0ubuntu3.29+esm8; apport versions prior to 2.20.1-0ubuntu2.30+esm2; apport versions prior to 2.20.9-0ubuntu7.26; apport versions prior to 2.20.11-0ubuntu27.20; apport versions prior to 2.20.11-0ubuntu65.3...

CVSS 6.5 · AI score 5.6 · EPSS 0.00071
Exploits 2 · References 17

CISA
added 2021/08/06 12:0 a.m. · 44 views

Ivanti Releases Security Update for Pulse Connect Secure

Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review Ivanti's Security Advisory SA44858 and apply the necessary update. This...

AI score 7.1
Exploits 0 · References 1

CNVD
added 2021/06/22 12:0 a.m. · 15 views

Denial of Service Vulnerability in the CDAsp Component of Honeywell (China) Limited's PKS System Software

The PKS system software CDAsp component provides web services based on the configuration protocol. A denial of service vulnerability exists in the CDAsp component of Honeywell (China) Limited's PKS system software, which can be exploited by attackers to launch denial of service attacks...

AI score 7
Exploits 0

Intel
added 2021/05/11 12:0 a.m. · 51 views

Microarchitectural Data Sampling Advisory

Summary: A potential security vulnerability in CPUs may allow information disclosure. Intel is releasing Microcode Updates (MCU) updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12126. Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some...

CVSS 5.9 · AI score 6 · EPSS 0.01697
Exploits 0