38 matches found
PT-2024-35103 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One (affected versions not specified). Description: A local attacker could exploit a LogServer link following vulnerability in Trend Micro Apex One to escalate privileges on affected installations. This issue requires the attack...
A vulnerability in the GetValue() function of the LinkHub Mesh Wi-Fi AC1200 firmware allows an attacker to execute arbitrary code.
The vulnerability in the implementation of the GetValue function in the LinkHub Mesh Wi-Fi AC1200 firmware is that buffers are copied without checking the size of the input data while the logserver file is processed. Exploiting this vulnerability allows an attacker...
CVE-2022-24014
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...
Buffer overflow
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all...
Command injection in Alluxio
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
GHSA-J3CH-VJPH-8Q6V Command injection in Alluxio
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
CVE-2022-23848
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
Input validation
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability...
CVE-2022-23848
In CVE-2022-23848, Alluxio before 2.7.3 does not validate the input stream in the logserver, which could allow malformed data handling to affect logging behavior or control flow. The NVD metrics indicate a high-severity, network-exposed issue with potential impact to confidentiality, integrity, a...
CVE-2019-14521
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...
Path traversal
The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter...
CVE-2019-14521
CVE-2019-14521 describes a path traversal vulnerability in the api/admin/logoupload Logo File upload feature of EMCA Energy Logserver 6.1.2, allowing an attacker to upload any file to arbitrary locations on the server via the filename parameter. The issue is caused by insufficient validation of t...
CVE-2019-10660
Grandstream GXV3611IRHD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field...