331 matches found
CVE-2023-35754
D-Link DAP-2622 DDP Set AG Profile NMS URL Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35753
D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerabilit...
CVE-2023-51592 BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability
BlueZ Audio Profile AVRCP parsemediafolder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability i...
CVE-2023-51592
BlueZ Audio Profile AVRCP parsemediafolder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability i...
CVE-2023-32143
D-Link DAP-1360 webupg UPGCGICheckAuth Numeric Truncation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The...
CVE-2023-50229
CVE-2023-50229 affects BlueZ PBAP heap-based buffer overflow. Affects BlueZ with PBAP handling; vulnerability allows remote code execution by network-adjacent attackers, requiring the target to connect to a malicious Bluetooth device. Some connected advisories indicate patches are available (e.g....
CVE-2023-50226
Parallels Desktop Updater contains a local privilege escalation via the Updater service. The flaw arises from creating a symbolic link to move arbitrary files, allowing an attacker who already has low-privilege code execution to escalate to root and execute arbitrary code. Several sources corrobo...
CVE-2023-50226 Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability
Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in...
CVE-2023-50211 D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this...
CVE-2023-44448 TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
TP-Link Archer A54 libcmm.so dmfillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. Authentication is required to exploit this...
CVE-2023-44404
CVE-2023-44404 affects D-Link DAP-1325: a stack-based buffer overflow in get_value_from_app via the HNAP1 SOAP endpoint handling of XML data. The flaw is due to insufficient validation of user-supplied data length before copying to a fixed-length stack buffer, allowing network-adjacent attackers ...
CVE-2023-41218
The CVE-2023-41218 entry details a stack-based buffer overflow in D-Link DIR-3040 Prog.cgi (SetWan3Settings) vulnerable when processing HNAP requests to the lighttpd webserver on ports 80/443. The flaw stems from insufficient validation of a user-supplied string copied into a fixed-size stack buf...
CVE-2023-39461
Product and vulnerability context: Triangle MicroWorks SCADA Data Gateway. The issue is an arbitrary file write vulnerability in the handling of event logs, caused by improper sanitization of log output. The weakness can allow an attacker to write arbitrary files and, in combination with other vu...
CVE-2023-37326 D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37318 D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-37316 D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability
D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...
CVE-2023-35744
The CVE-2023-35744 entry concerns D-Link DAP-2622 devices with a stack-based buffer overflow in the DDP Configuration Restore Server’s IPv6 address handling. The flaw arises from inadequate validation of user-supplied data length before copying to a fixed-length stack buffer, enabling network-adj...
CVE-2023-34281 D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability
D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, t...
CVE-2023-32154
CVE-2023-32154 affects MikroTik RouterOS and its Router Advertisement Daemon (RADVD). The vulnerability is an out-of-bounds write caused by insufficient validation of user-supplied data, enabling network-adjacent attackers to execute code with root privileges. Exploitation requires no authenticat...
CVE-2022-48685
An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...