17 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000378)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000378 advisory. An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasascreateframepool fails in megasasalloccmds in...
SUSE CVE-2023-54234
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...
EUVD-2022-36298
Malicious code in bioql PyPI...
ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to authenticated root command execution via the cmds API. An authenticated attacker can execute arbitrary system commands with root privileges. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 cmds.js Authenticated Root Remote Code Execution Vendor: ABB Lt...
VulnCheck KEV: CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...
kernel: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmfcpreinitdcmds This patch fixes a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strsep in...
CVE-2023-37907
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation LPE for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...
CVE-2023-37907 Cryptomator's MSI installer allows local privilege escalation
Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation LPE for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawn...
CVE-2022-33255
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device...
CVE-2022-33255 Buffer over-read in Bluetooth HOST
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device...
CVE-2021-45778
Removed by vendor...
CVE-2021-39652
In sectsparsingcmds of TBD, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2020-17505
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...
PT-2020-15027 · Artica · Artica Web Proxy
Name of the Vulnerable Software and Affected Versions: Artica Web Proxy version 4.30.000000 Description: The issue allows an authenticated remote attacker to inject commands via the service-cmds parameter in "cyrus.php". These commands are executed with root privileges through the service cmds...
bro -- array bounds and potential DOS issues
Corelight reports: Bro 2.5.5 primarily addresses security issues: Fix array bounds checking in BinPAC: for arrays that are fields within a record, the bounds check was based on a pointer to the start of the record rather than the start of the array field, potentially resulting in a buffer...
DoD Inspector General Calls Out Army CIO For Poor Mobile Device Security
The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took th...
AIX 6.1 TL 6 : bos.aixpert.cmds (U829665)
The remote host is missing AIX PTF U829665, which is related to the security of the package bos.aixpert.cmds. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from AIX Security PTF U829665. The text itself is copyright C...