UBUNTU-CVE-2024-21803

Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM bluetooth modules allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C. This issue affects Linux kernel: fr...

PT-2024-19620 · Bosscms · Bosscms

Name of the Vulnerable Software and Affected Versions: BossCMS version 1.3.0 Description: The issue allows a local attacker to execute arbitrary code and escalate privileges. This is achieved via the init function in the admin.class.php component. Recommendations: For BossCMS version 1.3.0,...

PT-2024-6708 · Synology · Synology Drive Client

Name of the Vulnerable Software and Affected Versions: Synology Drive Client versions prior to 3.3.0-15082 Description: The issue is related to the inclusion of functionality from an untrusted control sphere in the OpenSSL DLL component. This allows local users to execute arbitrary code via...

CVE-2023-51833

A command injection issue in TRENDnet TEW-411BRPplus v.2.07eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page...

CVE-2024-0645

Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler SEH records...

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale PoS terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to...

CVE-2024-22428

Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity...

SUSE CVE-2023-51257

An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code...

AZL-34807 CVE-2023-51257 affecting package jasper for versions less than 4.2.1-1

An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code...

CVE-2023-7206

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape...

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

CVE-2023-42134

PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

CVE-2023-42134

PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

CVE-2023-42134

PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...

CVE-2023-42134

CVE-2023-42134 and CVE-2023-42135 affect PAX Android PoS devices (e.g., A920Pro/A50) and enable local code execution as root via kernel parameter injection in fastboot on affected PayDroid builds before 20230614; CVE-2023-42136 and CVE-2023-42137 enable privilege escalation via shell injection in...

GLSA-202401-21 : KTextEditor: Arbitrary Local Code Execution

The remote host is affected by the vulnerability described in GLSA-202401-21 KTextEditor: Arbitrary Local Code Execution - The LSP Language Server Protocol plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a...

DEBIAN-CVE-2021-3600

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code...

CVE-2023-7224

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLDINSERTLIBRARIES environment variable...