D-Link DIR-1935 SetStaticRouteIPv6Settings Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

D-Link DIR-1935 SetStaticRouteIPv4Settings NetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

D-Link DIR-1935 HNAP_AUTH Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When...

TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated...

Tesla bcmdhd Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from...

D-Link Multiple Routers lighttpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The iss...

D-Link DIR-2150 Buffer Overflow Vulnerability

D-Link DIR-2150 is a wireless router device from D-Link. D-Link DIR-2150c is vulnerable to a buffer overflow, which can be exploited by attackers to execute code in the root context...

D-Link DIR-2150 Buffer Overflow Vulnerability (CNVD-2023-21662)

The D-Link DIR-2150 is a wireless router device from D-Link. The D-Link DIR-2150 is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to execute code in the root context...

CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

Cisco RV340 wfapp Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wfapp application. A crafted server response can trigger execution of ...

SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...

Lexmark MC3224i Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware upgrade feature. The issue results from the lack of...

SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2022:2370-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2370-1 advisory. - A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry...

CVE-2022-2320

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update...

The vulnerability of TP-Link Archer C90 router’s microprogramming software arises from buffer overflow on the stack, allowing an attacker to execute arbitrary code.

The vulnerability of TP-Link Archer C90 router’s microprogramming software is caused by an overflow in the buffer on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root context...

GHSA-4Q2V-J639-CP7P Improper Access Control in Apache Shiro

Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path...

(Pwn2Own) NETGEAR R6700v3 Vulnerable Third-Party Component Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Netatalk library that is installed on NETGEAR R6700v3 routers. The...

CVE-2022-1509

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context...

Sql injection

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context...