Lucene search
K

45 matches found

BDU FSTEC
BDU FSTEC
added 2024/07/04 12:0 a.m.6 views

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow a intruder to execute arbitrary commands.

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute in the microprogramming software for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...

10CVSS6.2AI score0.01324EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/07/01 12:0 a.m.5 views

Cisco NX-OS Software 操作系统命令注入漏洞

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A command injection vulnerability exists in Cisco NX-OS Software, which arises from insufficient validation of parameters passed to specific configuration CLI commands, and...

6.7CVSS7.8AI score0.04271EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2024/03/27 8:0 a.m.9 views

Usage of disabled protocol

When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...

3.5CVSS6.3AI score0.01681EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2023/07/31 9:33 a.m.13 views

SUSE-SU-2023:3046-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-150100197120 fixes several issues. The following security issues were fixed: - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outboundphypacketcallback bsc1212347. - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized...

6.8CVSS7.2AI score0.0147EPSS
Exploits2References5
OSV
OSV
added 2023/07/31 8:59 a.m.11 views

SUSE-SU-2023:3036-1 Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-1503005990 fixes several issues. The following security issues were fixed: - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets in flsetgeneveopt in net/sched/clsflower.c bsc1212509. -...

7.8CVSS7.5AI score0.0147EPSS
Exploits3References5
CNNVD
CNNVD
added 2023/07/24 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from flaws in the handling of the SMB2LOGOFF and SMB2CLOSE commands, which lack proper locking when performing operations on objects, and...

8.1CVSS7.4AI score0.02515EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/06/29 9:14 a.m.6 views

golang: cmd/go: go command may generate unexpected code at build time when using cgo

A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names...

9.8CVSS7.1AI score0.01708EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.4 views

SUSE CVE-2018-14349

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message...

6.5CVSS7AI score0.03166EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2022/06/14 2:15 p.m.2 views

CVE-2022-31308

A vulnerability in livemfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function...

7.5CVSS7.2AI score0.01611EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/02/22 9:17 a.m.6 views

kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL

A data leak flaw was found in the way XFSIOCALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them...

5.5CVSS6.6AI score0.00286EPSS
Exploits0References5
OSV
OSV
added 2022/01/10 2:10 p.m.7 views

CVE-2021-38990

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952...

7.8CVSS7.2AI score0.00286EPSS
Exploits0References3
NCSC
NCSC
added 2022/01/07 12:0 a.m.6 views

Vulnerability fixed in IBM AIX

IBM has fixed a vulnerability in AIX. A local malicious party can, through manipulation of the mount command execute arbitrary code, possibly with elevated privileges up to root privileges. IBM has released updates to fix the vulnerability in AIX v 7.1 and 7.2. For more information, see:...

8.4CVSS6.8AI score0.00286EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/01/04 12:0 a.m.8 views

The vulnerability of the FTM Diag command implementation in Qualcomm’s embedded software allows a hacker to write into the operating system space of the modem.

The vulnerability of the FTM Diag command in Qualcomm’s embedded software implementations arises from the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to write data into the operating system space of the modem...

7.8CVSS7.6AI score0.00149EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/11/10 12:0 a.m.7 views

The vulnerability in the `system_mgr.cgi` script of the D-Link DNS-320 network storage software allows a hacker to execute arbitrary code.

The vulnerability in the systemmgr.cgi script of the D-Link DNS-320 FW network storage software is related to errors in eliminating certain elements in the OS command. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7AI score0.99968EPSS
Exploits2References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/17 12:0 a.m.6 views

The vulnerability in the implementation of the Net::FTP class in the Ruby interpreter allows a hacker to gain unauthorized access to protected information.

The vulnerability in the implementation of the Net::FTP class in Ruby is related to deficiencies in protecting service data using the PASV command. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

7.8CVSS6.3AI score0.0305EPSS
Exploits1References14Affected Software7
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.4 views

Contiki 安全漏洞

Contiki is an open source cross-platform operating system for IoT Internet of Things devices. A security vulnerability exists in Contiki 3.0 that stems from improper handling of the ls command when there are many long name files in a directory. The vulnerability allows remote attackers to trigger...

7.5CVSS7.4AI score0.01291EPSS
Exploits0References1
OSV
OSV
added 2021/08/04 4:15 p.m.5 views

CVE-2021-26097

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...

8.8CVSS7.4AI score0.01165EPSS
Exploits0References1
Prion
Prion
added 2020/10/26 4:15 p.m.16 views

Design/Logic Flaw

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

9CVSS7.1AI score0.02625EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/08/30 9:15 a.m.10 views

CVE-2019-1966

A vulnerability in a specific CLI command within the local management local-mgmt context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand...

7.8CVSS7.3AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2019/01/24 3:29 p.m.4 views

CVE-2019-1650

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An...

8.8CVSS7.4AI score0.03475EPSS
Exploits0References2
Rows per page
Query Builder