7638 matches found
Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1845: Buildroot BR_NO_CHECK_HASH_FOR data integrity vulnerability. December 5, 2023. CVE Number: CVE-2023-43608. Summary: A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted...
CVE-2023-24046
An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands by using a crafted string in the ping utility...
Design/Logic Flaw
An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands by using a crafted string in the ping utility...
Arbitrary Command Execution
org.jupiter-rpc:jupiter-serialization-kryo is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper configuration which allows remote class loading. The deserialization vulnerability allows an attacker to execute arbitrary commands via crafted RPC requests...
TOTOLINK X6000R informEnable Parameter Command Execution Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK X6000R version V9.4.0cu.852B20230719, which stems from the failure of the formEnable parameter of the sub4119A0 function to correctly filter the construct command...
Connectize G6 AC2100 Security Vulnerability
The Connectize G6 AC2100 is a wireless router from Connectize. A security vulnerability exists in the Connectize G6 AC2100 version 641.139.1.1256 that originates from allowing an attacker to run arbitrary commands by using specially crafted strings in the ping utility...
PT-2023-9118 · Dell · Dell Powerprotect Data Manager Dm5500
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager DM5500 version 5.14.0.0 Description: The issue exists due to the lack of neutralization of special elements used in an operating system command. A remote attacker with high privileges could potentially exploit...
CVE-2023-48886
A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-48887
A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request...
CVE-2023-45168
Summary of CVE-2023-45168 (IBM AIX invscout): Affects IBM AIX versions 7.2 and 7.3 and VIOS 3.1. A local, non-privileged user can exploit a vulnerability in the invscout command to execute arbitrary commands. The vulnerability stems from the invscout component and has a high impact on confidentia...
PT-2023-30998 · Nettyrpc · Nettyrpc
Name of the Vulnerable Software and Affected Versions: NettyRpc version 1.2 Description: A deserialization vulnerability allows attackers to execute arbitrary commands via sending a crafted RPC request. Recommendations: For NettyRpc version 1.2, at the moment, there is no information about a newe...
CVE-2023-48886
Summary: CVE-2023-48886 targets NettyRpc v1.2 with a deserialization vulnerability that enables remote arbitrary command execution via a crafted RPC request. The CVSS v3.1 base score reported is 9.8 (CRITICAL), with network access required and no user interaction. Several connected sources corrob...
NettyRpc Security Vulnerability
NettyRpc is a lightweight distributed RPC framework. A security vulnerability exists in NettyRpc v1.2, which stems from the presence of a deserialization vulnerability that allows an attacker to execute arbitrary commands by sending a crafted RPC request...
CVE-2023-48887
CVE-2023-48887 applies to Jupiter v1.3.1 and describes a deserialization vulnerability that allows an attacker to execute arbitrary commands by sending a crafted RPC request. The issue is categorized as a high/critical remote code execution risk (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Mu...
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2023-45168)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2023-45168. Vulnerability Details CVEID:CVE-2023-45168 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...