214 matches found
CVE-2024-9062
CVE-2024-9062 – macOS Archify local privilege escalation: The vulnerability affects the Archify privileged helper tool, com.oct4pie.archifyhelper, which runs as root and is exposed via XPC. The root cause is insufficient client validation by the helper, which does not verify code signatures, ent...
PT-2025-25173 · Archify · Archify
Name of the Vulnerable Software and Affected Versions: Archify (affected versions not specified). Description: The issue is related to insufficient client validation in the privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. This tool is responsible for privileged operations...
CVE-2024-20359
A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code...
MSP360 Backup insecure filesystem permissions
RISK EVALUATION: MSP360 Backup is a data backup and recovery solution. An insecure default permissions vulnerability allows a lower privileged user to execute commands with root level privileges in the 'Online Backup' folder. An attacker could exploit this vulnerability to obtain user...
Cisco Small Business RV Series Routers Command Injection Vulnerability
Multiple Cisco Small Business RV Series Routers contain a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data...
CVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
CVE-2024-48122
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges...
CVE-2022-20652
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
CVE-2022-20649 Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
CVE-2022-20652 Cisco Tetration Command Injection Vulnerability
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient inpu...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (cisco-sa-asa-ssh-rce-gRAuPEUF)
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
CVE-2024-20485
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this...
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Cisco Adaptive Security Appliance Security Vulnerability
Cisco Adaptive Security Appliance (ASA) is a comprehensive network security appliance developed by Cisco that provides firewall, VPN, IPS, and other security features. It supports both physical and virtual deployments and can adapt to the security needs of networks of different sizes. A remote...
CVE-2024-41308
An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system...