CVE-2023-34281 D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, t...

CVE-2023-32154

CVE-2023-32154 affects MikroTik RouterOS and its Router Advertisement Daemon (RADVD). The vulnerability is an out-of-bounds write caused by insufficient validation of user-supplied data, enabling network-adjacent attackers to execute code with root privileges. Exploitation requires no authenticat...

CVE-2022-48685

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...

PT-2024-11776 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions 7.1 through 7.1.1 Logpoint version 7.1.2 is not affected, so the range can be simplified to versions prior to 7.1.2. Description: An issue was discovered in Logpoint where the daily executed cron file clean secbi old logs is...

CVE-2022-48685

Logpoint 7.1 before 7.1.2 exposes a privilege-escalation issue: the daily cron file clean_secbi_old_logs is writable by all users and runs as root. Affected: Logpoint before 7.1.2. Impact: local privilege escalation. Mitigation: upgrade to 7.1.2 or later; as a temporary workaround, restrict permi...

CVE-2023-46808

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user...

X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DisableDevice...

VulnCheck KEV: CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

VulnCheck KEV: CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...

Red Hat Insights Security Vulnerabilities

Red Hat Insights is a data collection and analytics framework from Red Hat, built for scalability and rapid development. Red Hat Insights has a security vulnerability that stems from the presence of a local elevation of privilege vulnerability. An attacker can exploit the vulnerability by creatin...

PT-2023-27411 · Secudos · Secudos Qiata

Name of the Vulnerable Software and Affected Versions: SECUDOS Qiata DOMOS OS version 4.13 Description: The issue is related to insecure permissions for the previewRm.sh daily cronjob. An attacker needs access as a low-privileged user to the underlying DOMOS system to exploit this. Every user on...

The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, arises from insecure management of privileges, allowing attackers to execute arbitrary commands.

The vulnerability of microprogrammed software in web panels for controlling and monitoring processes in industrial systems, PHOENIX CONTACT WP 6xxx, is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands on behalf...

D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...

PT-2023-7319 · Unknown +2 · Insights-Client +2

Name of the Vulnerable Software and Affected Versions: insights-client affected versions not specified Description: A security issue occurs due to insecure file operations or unsafe handling of temporary files and directories, leading to local privilege escalation. An unprivileged local user or...

VulnCheck KEV: CVE-2018-20122

The web interface on FASTGate Fastweb devices with firmware through 0.00.47FW200Askey 2017-05-17 software through 1.0.1b exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication...

systemd: privilege escalation via the less pager

A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to ...

PT-2023-7981 · Parallels · Parallels Desktop

Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code o...

CVE-2023-30505

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from insufficient DevTools data validation. A remote attacker can exploit this vulnerability by sending a malicious HTTP...