5285 matches found

CVE
added 2024/11/21 5:53 a.m. | 67 views

CVE-2024-7517

CVE-2024-7517 concerns a local, privileged escalation in Brocade Fabric OS prior to 9.2.0c and in 9.2.1–9.2.1a on IP Extension platforms (7810/7840/7850 or SX-6 blade on X6/X7). Exploitation requires an authenticated user on SSH/serial to craft portcfg usage. Root cause is a command-injection vul...

CVSS: 8.5 | AI score: 6.9 | EPSS: 0.00124
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/11/21 5:53 a.m. | 35 views

CVE-2024-7517 Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

CVSS: 8.5 | EPSS: 0.00124
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/21 5:53 a.m. | 29 views

CVE-2024-7517 Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

CVSS: 8.5 | AI score: 7.2 | EPSS: 0.00124
Exploits: 0 | References: 1

OpenVAS
added 2024/11/21 12:0 a.m. | 9 views

Fedora: Security Advisory (FEDORA-2024-300397332b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2

OpenVAS
added 2024/11/18 12:0 a.m. | 8 views

Fortinet FortiWeb Detection Consolidation

Consolidation of Fortinet FortiWeb detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

AI score: 7.3
Exploits: 0 | References: 1

CNVD
added 2024/11/15 12:0 a.m. | 5 views

D-Link DSL6740C OS Command Injection Vulnerability (CNVD-2024-45430)

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability, which can be exploited by a remote attacker with administrator privileges to inject and execute arbitrary system commands via specific...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.00855
Exploits: 0 | References: 1

CNVD
added 2024/11/15 12:0 a.m. | 4 views

D-Link DSL6740C OS Command Injection Vulnerability (CNVD-2024-45429)

The D-Link DSL6740C is a wireless VDSL router from China's AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability, which can be exploited by a remote attacker with administrator privileges to inject and execute arbitrary system commands via specific...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.00855
Exploits: 0 | References: 1

CNVD
added 2024/11/15 12:0 a.m. | 7 views

D-Link DSL6740C Operating System Command Injection Vulnerability

The D-Link DSL6740C is a wireless VDSL router from China-based AUO D-Link. The D-Link DSL6740C suffers from an operating system command injection vulnerability, which can be exploited by a remote attacker with administrator privileges to inject and execute arbitrary system commands via specific...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.00855
Exploits: 0 | References: 1

OSV
added 2024/11/14 5:39 p.m. | 16 views

GHSA-P2H2-3VG9-4P87 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

Summary: A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands. Details: The vulnerability stems from the way GitHub CLI handles SSH...

CVSS: 8 | AI score: 9.2 | EPSS: 0.07533
Exploits: 0 | References: 4

OSV
added 2024/11/12 9:28 p.m. | 10 views

GHSA-7HPF-G48V-HW3J Zoraxy has an authenticated command injection in the Web SSH feature

Summary: A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details: Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...

CVSS: 8.6 | AI score: 9.8 | EPSS: 0.00901
Exploits: 0 | References: 6

NVD
added 2024/11/12 1:15 p.m. | 7 views

CVE-2024-50560

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

CVSS: 4.3 | EPSS: 0.00286
Exploits: 0 | References: 2

Cvelist
added 2024/11/12 12:50 p.m. | 12 views

CVE-2024-50560

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

CVSS: 3.1 | EPSS: 0.00286
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/12 12:50 p.m. | 12 views

CVE-2024-50560

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

CVSS: 3.1 | AI score: 4.1 | EPSS: 0.00286
Exploits: 0 | References: 2

Broadcom
added 2024/11/12 12:0 a.m. | 18 views

Privileged escalation via crafted use of portcfg command

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extensio...

CVSS: 8.5 | AI score: 7.5 | EPSS: 0.00124
Exploits: 0

NVD
added 2024/11/11 8:15 a.m. | 9 views

CVE-2024-11065

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

CVSS: 7.2 | EPSS: 0.00855
Exploits: 0 | References: 2

NVD
added 2024/11/11 8:15 a.m. | 9 views

CVE-2024-11063

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

CVSS: 7.2 | EPSS: 0.00855
Exploits: 0 | References: 2

NVD
added 2024/11/11 8:15 a.m. | 9 views

CVE-2024-11064

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

CVSS: 7.2 | EPSS: 0.00855
Exploits: 0 | References: 2

NVD
added 2024/11/11 8:15 a.m. | 7 views

CVE-2024-11062

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

CVSS: 7.2 | EPSS: 0.00855
Exploits: 0 | References: 2

Vulnrichment
added 2024/11/11 8:5 a.m. | 11 views

CVE-2024-11068 D-Link DSL6740C - Incorrect Use of Privileged APIs

The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.01188
Exploits: 0 | References: 2

Cvelist
added 2024/11/11 7:45 a.m. | 14 views

CVE-2024-11065 D-Link DSL6740C - OS Command Injection

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet...

CVSS: 7.2 | EPSS: 0.00855
Exploits: 0 | References: 2