CVE-2021-26730
A stack-based buffer overflow vulnerability in a subfunction of the Loginhandlerfunc function of spxrestservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
Aruba Networks ClearPass Policy Manager security vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. A security vulnerability in Aruba Networks ClearPass Policy Manager version 6.10.6 and earlier, 6.9.11 and earlier, which originates from allowing a...
DEBIAN-CVE-2022-2320
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...
CVE-2022-2320
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...
Device42 parameter injection vulnerability
Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A parameter injection vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a Change Secret username field used in the discovery...
A vulnerability in the web management interface of the firmware of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers allows a malicious actor to execute arbitrary code in the context of the root user or to cause service interruptions. This vulnerability is related to errors in the processing of input data.
The vulnerability in the web-based management interface of the Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN software is caused by errors in the processing of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the root user or cause...
PT-2022-5529 · D Link · D-Link Dir-1935
Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can b...
PT-2022-5480 · Tp Link · Tp-Link Tl-Wr841N
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841N versions TL-WR841NUS V14 220121 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this...
CVE-2022-34892
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34901
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 39316 Agent. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists...
CVE-2022-34891
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
UBUNTU-CVE-2022-2320
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...
A vulnerability in the firmware of Mitel 6800 Series SIP Phones and 6900 Series SIP Phones is caused by the presence of undocumented configuration commands. This allows a malicious actor to execute arbitrary code with root privileges, as well as gain unauthorized access to protected information.
The vulnerability in the firmware of Mitel 6800 Series SIP Phones and 6900 Series SIP Phones is related to the presence of undocumented configuration commands. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges, as well as gain...
PT-2022-5537 · D Link · D-Link Dir-1935
Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: The issue is related to the handling of SetWebFilterSetting requests in the web management portal of D-Link DIR-1935 routers. Specifically, when parsing the WebFilterURLs element, the process does not...
UBUNTU-CVE-2021-3899
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root...
A vulnerability in the Traceroute WebUI tool of PHOENIX CONTACT RAD-ISM-900-EN-* devices allows an attacker to execute arbitrary code with root privileges.
The vulnerability in the Traceroute WebUI tool of PHOENIX CONTACT RAD-ISM-900-EN- devices exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code with root privileges...
Palo Alto Networks PAN-OS security vulnerability
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks. A security vulnerability exists in Palo Alto Networks PAN-OS. An attacker could use this vulnerability to upload a specially created configuration that interrupts system processes and executes arbitrary code...
CVE-2022-30234
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 V4.5 and prior...
PT-2022-13923 · Hestiacp · Hestiacp
Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.5.12 Description: The issue allows an authenticated remote attacker with low privileges to execute arbitrary code under root context. This is due to a command injection vulnerability in the GitHub...