Design/Logic Flaw

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlanconfig data...

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVE-2022-23122

CVE-2022-23122 affects Netatalk, with the flaw in setfilparams allowing an unauthenticated attacker to trigger a stack-based buffer overflow and execute code as root. This is a remote code execution with high impact on confidentiality, integrity, and availability. The issue stems from insufficien...

CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

CVE-2022-23124

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getfinderinfo method. The issue results from the lack of proper validation of...

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

Authorization

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit thi...

CVE-2023-0160

A deadlock flaw was found in the Linux kernel’s BPF subsystem. The fail happens in the function sockhashdeleteelem. This flaw allows a local user to potentially crash the system. Mitigation The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the...

EulerOS 2.0 SP10 : lxc (EulerOS-SA-2023-1532)

According to the versions of the lxc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected...

Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater...

Privilege escalation

Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...

D-Link DIR-867 Rev. A <= v1.30B07 RCE Vulnerability

D-Link DIR-867 Rev. A devices are prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability

ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...

CVE-2023-23520

A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root...

K34931053: OpenSMTPD vulnerability CVE-2020-7247

Security Advisory Description smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the...

K70992015: Linux kernel vulnerabilty CVE-2021-33200

Security Advisory Description kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. I...

K44318398: Net-SNMP vulnerability CVE-2020-15862

Security Advisory Description Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. CVE-2020-15862 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

SUSE CVE-2019-13272

In the Linux kernel before 5.1.17, ptracelink in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a...

SUSE CVE-2021-3560

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...

SUSE CVE-2023-24039

A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges to root on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer...