404 matches found

Prion
added 2023/07/05 8:15 p.m. · 32 views

Design/Logic Flaw

PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability...

CVSS 4 · AI score 6.6 · EPSS 0.00215
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2023/06/02 12:0 a.m. · 1 views

The vulnerability of the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so library of the LB-LINK router software allows an attacker to gain full access to the device.

The vulnerability of the bs_SetLimitCli_info function in the /lib/libshare-0.0.26.so file of the LB-LINK router software is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full...

CVSS 10 · AI score 8.1 · EPSS 0.69663
Exploits 1 · References 3 · Affected Software 4
Vulnrichment
added 2023/03/01 2:26 p.m. · 17 views

CVE-2023-25544

Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks...

CVSS 7.5 · AI score 7.1 · EPSS 0.0055
Exploits 0 · References 1
SUSE CVE
added 2023/02/15 4:43 a.m. · 1 views

SUSE CVE-2017-10311

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: FTS. Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 · AI score 7 · EPSS 0.0245
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 3:29 a.m. · 8 views

SUSE CVE-2022-21462

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 · AI score 5.6 · EPSS 0.01216
Exploits 0 · References 3
Vulnrichment
added 2022/11/25 12:0 a.m. · 5 views

CVE-2022-41958 Deserialization Vulnerability by yaml config input in super-xray

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be...

CVSS 7.3 · AI score 6.6 · EPSS 0.00426
Exploits 1 · References 2
Positive Technologies
added 2022/11/25 12:0 a.m. · 3 views

PT-2022-26183 · Unknown · Super-Xray

Name of the Vulnerable Software and Affected Versions: super-xray versions prior to 0.7 Description: The issue concerns a web vulnerability scanning tool that assumed trusted input for the program config stored in a yaml file. An attacker with local access to the file could exploit this and...

CVSS 7.8 · AI score 7.2 · EPSS 0.00426
Exploits 1 · References 7
OSV
added 2022/11/11 4:15 p.m. · 3 views

CVE-2022-26341

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 1
Vulnrichment
added 2022/09/23 6:28 p.m. · 3 views

CVE-2022-30124

An improper authentication vulnerability exists in Rocket.Chat Mobile App 4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication PIN code...

AI score 6.4 · EPSS 0.00563
Exploits 1 · References 1
BDU FSTEC
added 2022/07/06 12:0 a.m. · 4 views

The vulnerability of the Slurm resource manager management module, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.

The vulnerability of the Slurm resource manager is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions from a remote location...

CVSS 9 · AI score 7.8 · EPSS 0.02474
Exploits 0 · References 10 · Affected Software 4
CVE
added 2022/06/13 4:11 p.m. · 75 views

CVE-2022-23167

CVE-2022-23167 affects Amodat Mobile Application Gateway. The issue is a Local File Inclusion (LFI) in the web endpoint implemented as /mobile/downloadfile.aspx?Filename=../.. /windows/boot.ini, reachable unauthenticated. This allows an attacker to read sensitive files on the host. Public materia...

CVSS 9.8 · AI score 7.3 · EPSS 0.00445
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/04/22 9:15 p.m. · 1 views

CVE-2021-3721

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error...

CVSS 5.5 · AI score 5.8 · EPSS 0.00193
Exploits 0 · References 1
NCSC
added 2021/10/07 12:0 a.m. · 2 views

Vulnerabilities fixed in Cisco Identity Services Engine

Cisco has fixed vulnerabilities in the Identity Services Engine ISE. A malicious party could potentially exploit the vulnerabilities to obtain sensitive data, or execute arbitrary code with root privileges. To obtain sensitive data, the malicious party must be authenticated to the management...

CVSS 9.3 · AI score 7.5 · EPSS 0.01398
Exploits 0
CNVD
added 2021/07/08 12:0 a.m. · 7 views

QSAN Storage Manager Path Traversal Vulnerability (CNVD-2021-48976)

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in FileStreaming in QSAN Storage Manager 3.3.1 and earlier versions. An attacker can exploit this vulnerability by injecting symbolic links to access arbitrary files...

CVSS 6.5 · AI score 6.8 · EPSS 0.01301
Exploits 0 · References 1
CNNVD
added 2021/07/07 12:0 a.m. · 2 views

QSAN Storage Manager Link Following Vulnerability

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A security vulnerability exists in QSAN Storage Manager, which can be exploited by remote attackers to create symbolic links and then access arbitrary files...

CVSS 7.5 · AI score 5.9 · EPSS 0.01669
Exploits 0 · References 2
CNVD
added 2021/06/02 12:0 a.m. · 2 views

Ruby Parameter Injection Vulnerability

Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A parameter injection vulnerability exists in Ruby versions prior to 1.4.0, which can be exploited by an attacker to read and write arbitrary files via a crafted UR...

CVSS 9.8 · AI score 6.7 · EPSS 0.72249
Exploits 4 · References 1
CNVD
added 2021/05/28 12:0 a.m. · 10 views

Fedora has an unspecified vulnerability

Fedora is a set of Linux operating systems from the Fedora community. A security vulnerability exists in Fedora's Mounting /proc filesystem, which can be exploited by an attacker to bypass the chroot environment and gain write access to files...

CVSS 5.5 · AI score 6.9 · EPSS 0.00303
Exploits 1 · References 1
CNVD
added 2021/04/23 12:0 a.m. · 9 views

Apache Commons IO Path Traversal Vulnerability

Apache Commons IO is an application from the American Apache Foundation Apache Inc. It can help develop IO functionality. A path traversal vulnerability exists in Apache Commons IO versions 2.2 through 2.6. The vulnerability is related to the FileNameUtils.normalize method. An attacker can exploi...

CVSS 5.8 · AI score 7 · EPSS 0.10608
Exploits 1 · References 1
OSV
added 2021/04/22 10:15 p.m. · 3 views

CVE-2021-2318

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVSS 9.1 · AI score 7.3
Exploits 0 · References 1
CNNVD
added 2021/04/20 12:0 a.m. · 3 views

Oracle Cloud Infrastructure Storage Gateway Security Vulnerability

Oracle Cloud Infrastructure Storage Gateway is an application gateway from Oracle Corporation in the United States. A security vulnerability in Oracle Cloud Infrastructure Storage Gateway Management Console Prior to 1.4 allows a highly privileged attacker accessed over an HTTP network to compromi...

CVSS 9.1 · AI score 8.3 · EPSS 0.01074
Exploits 0 · References 2