CVE-2020-10262

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can i read Wi-Fi SSID or password, ...

Apple macOS 缓冲区错误漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia that originates from a malicious application with root privileges that may modify the contents of system files...

CVE-2024-40825

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, visionOS 2. A malicious app with root privileges may be able to modify the contents of system files...

CVE-2024-40825

The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files...

MAL-2024-12293 Malicious code in juphelp (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 11cd911a4d43440f44f1eadb92d5d8deda2dc85af9e4a5cf9b99e90918ffad07 Once run, downloads and install from sleipnirbrowser.org a suspicious executable pretending to be a webbrowser. This website appears to be a scam using some ki...

CVE-2024-0160

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS...

PT-2024-3247 · Mitel · Mitel 6900 Series +2

Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series versions through 6.3 SP3 HF4 Mitel 6900 Series versions through 6.3 SP3 HF4 Mitel 6900w Series versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 Description: The issue is related to an authenticati...

Cisco IOS XR Security Vulnerability

Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR that stems from a flaw in the Secure Copy Protocol SCP and SFTP functionality that could allow an authenticated, local attacker to create or overwrite files in the syste...

CVE-2023-35140

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70ABTO.5 could allow an authenticated local user with read-only access to modify system settings on a vulnerable device...

CVE-2023-39286

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery CSRF attack due to insufficient request validation. A successful exploit could allow an attacker to provide a...

Mitel Connect Mobility Router Cross-Site Request Forgery Vulnerability

Mitel Connect Mitel ShoreTel is a software for office communication from Mitel Canada. The software provides access to corporate contacts, support for selecting contacts to open conferences, and an interface to manage calls and voicemail. A security vulnerability exists in Mitel Connect Mobility...

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

3s-smart Software Solutions CODESYS 路径遍历漏洞

3s-smart Software Solutions CODESYS is a controller development system from 3s-smart Software Solutions, Germany. A path traversal vulnerability exists in 3s-smart Software Solutions CODESYS that could be exploited by a remote, low-privilege attacker to access and modify all system files and...

CVE-2022-20214

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210...

Code injection

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210...

PT-2023-12638 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 10 through 12 Description: The issue concerns a tapjacking attack vulnerability in the In Car Settings app, specifically with the toggle button in Modify system settings. This allows attackers to overlay the toggle button,...

CVE-2022-20214

CVE-2022-20214 (Android) affects the Car Settings app on Android 10–12. The vulnerability is a tapjacking issue where an attacker can overlay the “Modify system settings” toggle, potentially allowing apps to modify system settings without user consent. The CVSS 3.1 base metrics indicate: Attack V...

QNAP Photo Station Externally Controlled Reference Vulnerability

Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...

CVE-2022-30298

An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...