15122 matches found

Tenable Nessus
added 2024/12/04 12:0 a.m., 5 views

Cisco NX-OS Permissions, Privileges, and Access Controls (CVE-2012-4077)

Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

6.8 CVSS | 5.8 AI score | 0.00223 EPSS
Exploits: 0 | References: 9

Tenable Nessus
added 2024/12/04 12:0 a.m., 5 views

Cisco NX-OS Command Injection (CVE-2017-12339)

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

5.7 CVSS | 6.2 AI score | 0.00187 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2024/12/04 12:0 a.m., 6 views

Cisco NX-OS Improper Input Validation (CVE-2017-12336)

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validati...

4.6 CVSS | 5.3 AI score | 0.00104 EPSS
Exploits: 0 | References: 7

Cvelist
added 2024/12/04 12:0 a.m., 14 views

CVE-2024-48453

An issue in INOVANCE AM401CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function...

0.03961 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2024/12/03 6:41 p.m., 2 views

runc: file descriptor leak

A file descriptor leak issue was found in the runc package. While a user performs `O_CLOEXEC` all file descriptors before executing the container code, the file descriptor is open when performing `setcwd(2)`, which means that the reference can be kept alive in the container by configuring the working...

8.6 CVSS | 7 AI score | 0.04591 EPSS
Exploits: 18 | References: 6

NVD
added 2024/12/03 5:15 p.m., 17 views

CVE-2024-29404

An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component...

7.8 CVSS | 0.10859 EPSS
Exploits: 0 | References: 3

NVD
added 2024/12/03 6:15 a.m., 24 views

CVE-2024-49415

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code...

9.8 CVSS | 0.07979 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/12/02 2:46 p.m., 24 views

CVE-2024-46909 WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account...

9.8 CVSS | 0.40814 EPSS
Exploits: 0 | References: 3

CVE
added 2024/12/02 12:0 a.m., 65 views

CVE-2024-53564

The CVE concerns FreePBX 17.0.19.17 where uploaded file types are not validated, enabling high-privilege administrators to insert unwanted files. Root cause: lack of file-type validation in the upload flow of FreePBX modules. Potential impact: remote code execution is stated in one source, but ot...

7.2 CVSS | 3.6 AI score | 0.0014 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/12/02 12:0 a.m., 18 views

CVE-2024-53564

A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded valid FreePBX module files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are...

2.2 CVSS | 0.0014 EPSS
Exploits: 0 | References: 2

NVD
added 2024/11/29 3:15 p.m., 13 views

CVE-2024-48406

Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c...

9.8 CVSS | 0.00191 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2024/11/28 12:0 a.m., 13 views

Ubuntu: Security Advisory (USN-7126-1)

The remote host is missing an update for the...

8.4 CVSS | 8.5 AI score | 0.00366 EPSS
Exploits: 2 | References: 2

NVD
added 2024/11/26 10:15 p.m., 16 views

CVE-2024-53673

A Java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...

9.8 CVSS | 0.00789 EPSS
Exploits: 0 | References: 1

OSV
added 2024/11/26 8:15 p.m., 2 views

CVE-2024-11145

Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5...

9.8 CVSS | 6.1 AI score
Exploits: 0 | References: 2

NVD
added 2024/11/26 1:15 a.m., 10 views

CVE-2024-52899

IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

8.8 CVSS | 0.00195 EPSS
Exploits: 0 | References: 1

CVE
added 2024/11/25 6:44 p.m., 68 views

CVE-2024-51723

CVE-2024-51723 – BlackBerry AtHoc: A Stored XSS in the Management Console of AtHoc version 7.15 could allow an attacker to execute actions in the context of the victim’s session. Public details in PT-2024-34870 specify the vulnerable component as the Management Console and confirm the issue as a...

4.6 CVSS | 4.5 AI score | 0.00249 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CISA KEV Catalog
added 2024/11/25 12:0 a.m., 14 views

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...

9.8 CVSS | 7.2 AI score | 0.89289 EPSS
In wild | Exploits: 0

NVD
added 2024/11/24 9:15 p.m., 14 views

CVE-2024-53913

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

9.8 CVSS | 0.0395 EPSS
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2024/11/22 11:15 p.m., 2 views

Malicious code in security-alert-watcher (npm)

Source: ghsa-malware (b571f55a5f40419ca8cad82f299058dbe569e0a541e1909bcde9ce29f239101d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1

NVD
added 2024/11/22 10:15 p.m., 13 views

CVE-2024-9244

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the...

7.8 CVSS | 0.00049 EPSS
Exploits: 0 | References: 2