Lucene search
K

255 matches found

BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.7 views

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 allows a perpetrator to execute arbitrary codes.

The vulnerability of microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches lies in the ability to write code outside the buffer memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST requests...

9CVSS8.3AI score0.15499EPSS
Exploits2References7Affected Software3
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.7 views

PT-2023-8435 · Ibm · Ibm I Access Client Solutions

Name of the Vulnerable Software and Affected Versions: IBM i Access Client Solutions versions 1.1.2 through 1.1.4 IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3 Description: The issue is related to insufficient authorization procedure in the IBM i Access Client Solutions, allowing...

9CVSS7.5AI score0.0099EPSS
Exploits1References13
BDU FSTEC
BDU FSTEC
added 2023/12/06 12:0 a.m.5 views

The vulnerability of the ExportConfigs method of the Network Configuration Manager (NCM) software allows a perpetrator to execute arbitrary code.

The vulnerability of the ExportConfigs method in the Network Configuration Manager NCM software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the SYSTEM context remotel...

8CVSS8AI score0.0184EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/09/07 7:10 a.m.19 views

CVE-2023-39238 ASUS RT-AX55、RT-AX56U_V2 - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its setiperf3svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution,...

7.2CVSS7.3AI score0.01187EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/08/07 12:0 a.m.9 views

The vulnerability of the SFTP Secure File Transfer Protocol implementation in the BioTime time management web platform allows a violator to write arbitrary files.

The vulnerability of the SFTP Secure File Transfer Protocol implementation in the BioTime time-off management web platform is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a remote attacker to write arbitrary files...

9.7CVSS8.2AI score0.03258EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2023/07/29 12:15 a.m.1 views

DEBIAN-CVE-2022-4906

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS8.3AI score0.12957EPSS
Exploits1References1
Prion
Prion
added 2023/07/21 7:15 a.m.27 views

Format string

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. An unauthenticated remote attacker without privilege can...

7.5CVSS9.6AI score0.38884EPSS
Exploits1References1Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/07/04 12:0 a.m.6 views

The vulnerability of the microprogrammed software of Siemens SCALANCE industrial switches allows a intruder to execute arbitrary commands in the basic operating system.

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands in the basic...

8.1CVSS7.9AI score0.2704EPSS
Exploits3References6Affected Software2
OpenVAS
OpenVAS
added 2023/05/29 12:0 a.m.9 views

Debian: Security Advisory (DSA-5413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.65515EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/05/02 12:0 a.m.11 views

Debian: Security Advisory (DLA-3406-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.65515EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2023/04/22 12:0 a.m.5 views

The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Internet Key Exchange IKE protocol implementation in Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

7.5CVSS7.9AI score0.00877EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.19 views

Siemens SCALANCE W1750D Command Injection (CVE-2021-37730)

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant...

9CVSS7.4AI score0.02957EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.29 views

Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25155)

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...

8.5CVSS6.9AI score0.13312EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.30 views

Siemens SCALANCE W1750D Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2021-25158)

A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...

5.9CVSS7AI score0.3058EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.22 views

Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25156)

A remote arbitrary directory create vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below;...

4.9CVSS6.7AI score0.40523EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.30 views

Siemens (CVE-2021-37732)

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...

9CVSS7.4AI score0.02957EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.5 views

SUSE CVE-2007-1595

The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...

7.5CVSS7.6AI score0.02602EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.6 views

SUSE CVE-2013-4535

The virtqueuemapsg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

8.8CVSS7.5AI score0.00957EPSS
Exploits0References4
Citrix
Citrix
added 2022/12/13 12:1 p.m.108 views

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518

A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. CVE-ID| Description| CWE| Affected Products| Pre-conditions ---|---|---|---|---...

9.8CVSS1.5AI score0.06931EPSS
Exploits1Affected Software2
Oracle linux
Oracle linux
added 2022/11/15 12:0 a.m.59 views

rsync security and enhancement update

3.1.3-19 - Resolves: 2116668 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field 3.1.3-18 - Resolves: 2111175 - remote arbitrary files write inside the directories of connecting peers 3.1.3-17 - Related: 2043753 - New option should...

9.8CVSS2.7AI score0.16004EPSS
Exploits1
Rows per page
Query Builder