182 matches found
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offers a...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offer...
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vulnerability
Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the setpwd endpoint that enables...
ROS-2-1528
2.1528 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
CVE-2023-50255
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version...
CVE-2023-50255 Zip Path Traversal in Deepin-Compressor
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version...
CVE-2023-50255
CVE-2023-50255 affects the Deepin-Compressor default archive manager in Deepin Linux. A path traversal flaw prior to 5.12.21 can be exploited to achieve Remote Command Execution when opening crafted archives. Remediation: upgrade to version 5.12.21 or later (as listed in OpenSUSE/OpenSUSE-SU advi...
CVE-2023-50255 Zip Path Traversal in Deepin-Compressor
Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version...
CVE-2023-36650
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...
Backup Warning: "repository time shift detected, immutability flag cannot be set."
Challenge A Backup or Backup Copy job using an Immutable Hardened Linux Repository displays the warning: A problem occurred during setting the immutable flag: repository time shift detected, immutability flag cannot be set. Please refer to KB4482 for more details Cause This warning is displayed...
CVE-2023-3282
CVE-2023-3282 is a local privilege escalation in Palo Alto Networks Cortex XSOAR Engine on Linux. A local attacker with shell access can execute programs with elevated privileges, impacting confidentiality, integrity, and availability (per NVD metrics). The connected sources indicate no public ex...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1776)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command ...
Design/Logic Flaw
A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...
Design/Logic Flaw
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP as a BTS administrator removes security hardenings from the Nokia Single RAN BTS baseband unit, the BTS baseband unit diagnostic tool AaShell which is by default disabled allows unauthenticated access from...
CVE-2023-25188
CVE-2023-25188 affects Nokia Airscale ASIKA Single RAN devices before 21B. If security hardenings are removed by a CSP, the AaShell diagnostic tool, which is disabled by default, can allow unauthenticated access from the BTS management network to the embedded Linux OS. This is a local impact risk...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: use-after-free in l2capconnect and l2capleconnectreq in net/bluetooth/l2capcore.c CVE-2022-42896 net/ulp: use-after-free in listening ULP sockets CVE-2023-0461 cpu: AMD CPUs may transiently execu...
Security Bulletin: Unprivileged GPU access vulnerability - CVE-2013-5987
Summary NVIDIA device driver bug that could allow an unprivileged user to control target system. Vulnerability Details Abstract NVIDIA device driver bug that could allow an unprivileged user to control target system. Content Vulnerability Details: CVE ID : CVE-2013-5987 Description: NVIDIA Graphi...
New Cylance Ransomware Targets Linux and Windows Operating Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cylance ransomware is a new malware that is capable of adjusting to customized encryption tactics and can accept different command-line parameters. To receive real-time threat advisories, please follow...
Moderate: Red Hat Security Advisory: toolbox security and bug fix update
An update for toolbox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
PT-2022-37682 · Undefined · Undefined
Уязвимость драйверов rtl8192e ядра операционной системы Linux связана с неосвобождением ресурса после истечения действительного срока его эксплуатирования. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать утечку памяти с помощью сетевого кадра 802.11 типа...