45 matches found
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow a intruder to execute arbitrary commands.
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute in the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...
Cisco NX-OS Software 操作系统命令注入漏洞
Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A command injection vulnerability exists in Cisco NX-OS Software, which arises from insufficient validation of parameters passed to specific configuration CLI commands, and...
Usage of disabled protocol
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
SUSE-SU-2023:3046-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-150100197120 fixes several issues. The following security issues were fixed: - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outboundphypacketcallback bsc1212347. - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized...
SUSE-SU-2023:3036-1 Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-1503005990 fixes several issues. The following security issues were fixed: - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets in flsetgeneveopt in net/sched/clsflower.c bsc1212509. -...
Linux kernel 安全漏洞
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from flaws in the handling of the SMB2LOGOFF and SMB2CLOSE commands, which lack proper locking when performing operations on objects, and...
golang: cmd/go: go command may generate unexpected code at build time when using cgo
A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...
SUSE CVE-2018-14349
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message...
CVE-2022-31308
A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...
kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them...
CVE-2021-38990
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952...
Vulnerability fixed in IBM AIX
IBM has fixed a vulnerability in AIX. A local malicious party can, through manipulation of the mount command execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...
The vulnerability of the FTM Diag command implementation in Qualcomm’s embedded software allows a hacker to write into the operating system space of the modem.
The vulnerability of the FTM Diag command in Qualcomm’s embedded software implementations arises from the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to write data into the operating system space of the modem...
The vulnerability in the `system_mgr.cgi` script of the D-Link DNS-320 network storage software allows a hacker to execute arbitrary code.
The vulnerability in the systemmgr.cgi script of the D-Link DNS-320 FW network storage software is related to errors in eliminating certain elements in the OS command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the implementation of the Net::FTP class in the Ruby interpreter allows a hacker to gain unauthorized access to protected information.
The vulnerability in the implementation of the Net::FTP class in Ruby is related to deficiencies in protecting service data using the PASV command. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Contiki 安全漏洞
Contiki is an open source cross-platform operating system for IoT Internet of Things devices. A security vulnerability exists in Contiki 3.0 that stems from improper handling of the ls command when there are many long name files in a directory. The vulnerability allows remote attackers to trigger...
CVE-2021-26097
An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...
Design/Logic Flaw
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...
CVE-2019-1966
A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...
CVE-2019-1650
A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...