4307 matches found
CVE-2023-50445
Shell injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the getsystemlog and...
CVE-2023-42566
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code...
Medium: wireshark
Issue Overview: A heap based buffer overflow in Wireshark's NetScreen file parser may lead to a local arbitrary code execution via a crafted capture file. CVE-2023-6175 Affected Packages: wireshark Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for...
CVE-2023-4931
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll,...
OESA-2023-1847 wireshark security update
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: A heap-based buffer overflow was found in Wireshark's NetScreen file parser. This issue may allow loc...
CVE-2023-6045
in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion...
PT-2023-30726 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy version 4.0.3 Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within the "/equipment/" component. Recommendations: For Grocy version 4.0.3...
CVE-2023-48200
Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component...
CVE-2023-47489
CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components...
CVE-2023-43580
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...
PT-2023-28867 · Lenovo · Smuv11Dxe
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products affected versions not specified Description: A buffer overflow was reported in the SmuV11Dxe driver that may allow a local attacker with elevated privileges to execute arbitrary code. Recommendations: At the moment,...
PT-2023-28861 · Lenovo · Lemalldriversconnectedeventhook
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products affected versions not specified Description: A buffer overflow was reported in the LEMALLDriversConnectedEventHook module that may allow a local attacker with elevated privileges to execute arbitrary code...
CVE-2023-42535
Out-of-bounds Write in readblock of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
CVE-2023-42528
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2023 Release 1, which originates from an out-of-bounds write in the readblo...
PT-2023-22942 · Unknown · Libsec-Ril
Name of the Vulnerable Software and Affected Versions: libsec-ril versions prior to SMR Nov-2023 Release 1 Description: The issue allows a local attacker to execute arbitrary code due to an Arbitrary File Descriptor Write vulnerability in libsec-ril. Recommendations: For versions prior to SMR...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2023 Release 1, which stems from an incorrect input validation vulnerability in the...
PT-2023-29573 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: Mybb Mybb Forums version 1.8.33 Description: The issue allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. This is a Cross Site Scripting issue. Recommendations: For Mybb Mybb Foru...
ROS-20231102-01
A buc Traceroute vulnerability related to improper handling of lines of code. Exploitation of the vulnerability could allow an attacker acting locally to execute arbitrary code...
CVE-2023-21381
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...