96 matches found
Remote Code Execution (RCE)
Azure.Identity is vulnerable to Remote Code Execution. The vulnerability is due to improper property sanitization, which allows an attacker to pass a specially crafted OS-level command to a specific SDK property which can result in Remote Code Execution. The vulnerability exists in the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xrdp (SUSE-SU-2023:3830-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3830-1 advisory. - CVE-2023-40184: Fixed restriction bypass via improper session handling bsc1214805. Tenable has extracte...
CVE-2023-40184 Improper handling of session establishment errors in xrdp
xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in in session...
CVE-2023-40184
xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in in session...
Unspecified Vulnerability in Google Chrome (CNVD-2023-69037)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that can be exploited by an attacker to perform OS-level privilege escalation via a malicious file...
CVE-2019-13690
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
Privilege escalation
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
CVE-2019-13690
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
CVE-2019-13690
CVE-2019-13690 affects Google Chrome on ChromeOS via an inappropriate OS implementation . Before version 75.0.3770.80 , a remote attacker could achieve OS-level privilege escalation by tricking the user with a malicious file. The documented impact is high, but the connected sources do not provide...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that can be exploited by an attacker to perform OS-level privilege escalation via a malicious file...
Chamilo unauthenticated command injection in PowerPoint upload
Chamilo is an e-learning platform, also called Learning Management Systems LMS. This module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below CVE-2023-34960. Due to a functionality called Chamilo Rapid to easily convert PowerPoint...
CVE-2020-21469
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pgreloadconf access...
Partial Local file inclusion
Description An authenticated user can extend the range of the web application's folder context and can dig out to OS level. To reproduce the issue, please authenticate to the web application, and simply open the following URL in the browser:...
Command injection
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
CVE-2023-25759
The CVE-2023-25759 issue affects the Tripleplay Platform’s TripleData Reporting Engine prior to Caveman 3.4.0, where OS command injection is possible via a crafted request payload. The vulnerability allows authenticated users to execute unprivileged OS commands, with the impact described as limit...
CVE-2023-25759
OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload...
Froxlor Log Path RCE
Froxlor v2.0.7 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application will render...
Design/Logic Flaw
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...
D-Link DNR-322L Command Injection Vulnerability
The D-Link DNR-322L is a surveillance memory from D-Link. A command injection vulnerability exists in D-Link DNR-322L version 2.60B15 and earlier, which stems from a data integrity failure in the backup configuration and can be exploited by an authenticated attacker to execute OS-level commands o...
Command injection
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L = 2.60B15 allows an authenticated attacker to execute OS level commands on the device...