CVE-2023-6711

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an...

PT-2023-8936 · Tp Link · Tp-Link Omada Er605

Name of the Vulnerable Software and Affected Versions: TP-Link Omada ER605 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this issue. The...

CVE-2023-45674 SQL injection vulnerability in Farmbot-Web-App

Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database including the user table. This issue may lead to Information Disclosur...

CVE-2023-42768

When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note:...

Wings 安全漏洞

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in Wings versions prior to 1.7.5 and 1.11.6, which can be exploited by an attacker to gain access to the host...

SUSE CVE-2022-3061

Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error...

PT-2023-1003 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. The issue is related to missing locks in SNDRV CTL IOCTL ELEM READ|WRITE32 that can be used in a...

The vulnerability of the iControl REST interface for access control and remote authentication in BIG-IP allows a perpetrator to circumvent existing security restrictions.

The vulnerability of the iControl REST interface for access control and remote authentication in BIG-IP involves insufficient checking of arguments passed in commands. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

The vulnerabilities of the System Control Interface and AsusSwitch drivers, along with the AsusLiveUpdate.dll library for Windows operating systems, allow a hacker to write or delete any files from the Temp directory.

The vulnerability of the System Control Interface and AsusSwitch drivers, as well as the AsusLiveUpdate.dll library for Windows operating systems, is related to incorrect default permissions. Exploiting this vulnerability can allow an attacker to write or delete any files from the Temp directory...

The vulnerability of the System Control Interface and AsusSwitch drivers for Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the System Control Interface and AsusSwitch drivers for Windows operating systems is related to incorrect default permissions. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

Design/Logic Flaw

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

Privilege escalation

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

PT-2022-5314 · Asus +1 · Asusswitch.Exe +2

Name of the Vulnerable Software and Affected Versions: ASUS System Control Interface versions prior to 3.1.5.0 AsusSwitch.exe versions prior to 1.0.10.0 Description: The issue is related to incorrect default permissions in the System Control Interface and AsusSwitch drivers for Windows operating...

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...

CVE-2022-36439

CVE-2022-36439 affects ASUS System Control Interface components on Windows: AsusSoftwareManager.exe before 1.0.53.0, AsusLiveUpdate.dll before 1.0.45.0, and System Control Interface before 3.1.5.0. A local attacker could write to the Temp directory and delete a more privileged file using SYSTEM p...

CVE-2022-36439

AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers running Windows allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.e...