CVE-2023-27323

CVE-2023-27323 concerns Parallels Desktop Updater on macOS, where a Time-Of-Check Time-Of-Use flaw in the Updater service can be triggered by creating a symbolic link to abuse the service and execute a file, leading to local privilege escalation to root. Affected software is Parallels Desktop (Up...

CVE-2023-41222 D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

Softing edgeAggregator 安全漏洞

Softing edgeAggregator is a flexible and container-based solution from Softing for managing complex system architectures for OT/IT integration into edge and cloud applications. A security vulnerability exists in Softing edgeAggregator, which stems from a lack of proper content security policy...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless router from China-based AUO D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

Softing Secure Integration Server 安全漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing, and security supervision. A security vulnerability exists in Softing Secure Integration...

Adtran SR400ac 安全漏洞

The Adtran SR400ac is a router from the US-based Adtran Corporation. A security vulnerability exists in the Adtran SR400ac that stems from the presence of a ping command injection remote code execution vulnerability, which can be exploited by an attacker to execute code in a root context...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless router from China-based AUO D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

D-Link DAP-2622 安全漏洞

The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...

Triangle MicroWorks SCADA Data Gateway 安全漏洞

Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A remote code execution vulnerability exists in Triangle MicroWorks SCADA Data Gateway, which can be exploited by an attacker to execute arbitrary code in the root context...

Softing Secure Integration Server 安全漏洞

Softing Secure Integration Server is a secure integration server from Softing Germany. It provides a powerful OPC UA data integration layer and supports interface abstraction, aggregation, data preprocessing and security supervision. A security vulnerability exists in Softing Secure Integration...

CVE-2023-51631

The CVE-2023-51631 issue affects D-Link DIR-X3260 routers, specifically the prog.cgi SetUsersSettings handler. The vulnerability is a stack-based buffer overflow in the prog.cgi binary handling HNAP requests to the lighttpd server (ports 80/443), caused by improper validation of a user-supplied s...

X.Org Server ProcRenderAddGlyphs Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ProcRenderAddGlyphs...

CVE-2023-46687

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer...

Design/Logic Flaw

In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer...

X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Wazuh Log Collector Integer Underflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Wazuh. Log Injection is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of the multilines log format. Th...