832 matches found
VulnCheck KEV: CVE-2023-48788
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests...
CVE-2023-7016
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...
Authentication flaw
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...
CVE-2023-7016 Privilege Escalation in SafeNet Authentication Client
A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...
PT-2024-15179 · Thales · Thales Safenet Authentication Client
Name of the Vulnerable Software and Affected Versions: Thales SafeNet Authentication Client versions prior to 10.8 R10 Description: A flaw in the software allows an attacker to execute code at a SYSTEM level via local access on Windows. Recommendations: For versions prior to 10.8 R10, update to...
PT-2024-18490 · Tvapi · Tvapi
Name of the Vulnerable Software and Affected Versions: TVAPI affected versions not specified Description: The issue is related to a possible out of bounds write in TVAPI due to a missing bounds check. This could lead to local escalation of privilege, with System execution privileges needed. User...
PT-2024-4161 · NetGear · Netgear Prosafe Network Management System
Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the product installer due to the use of default...
CVE-2023-29048
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
Design/Logic Flaw
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
CVE-2023-29048
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
CVE-2023-32883
In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249...
The vulnerability of the security system and the Nessus vulnerability assessment, which stems from insufficient validation of input data, allows attackers to elevate their privileges to the root or NT AUTHORITY/SYSTEM level on the Nessus host.
The vulnerability of the Nessus security system and its vulnerability assessment are related to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the root or NT AUTHORITY/SYSTEM level on the Nessus...
CVE-2023-0011 Command Execution through Serial Interface of u-blox TOBY-L2
A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial...
CVE-2023-49898
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...
Input validation
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven. allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in...
CVE-2023-49898
CVE-2023-49898 concerns Apache StreamPark: a project module that integrates Maven compilation lacks validation of Maven parameters, allowing remote command execution. The advisory notes that an attacker must be an authenticated system user with high privileges, limiting exposure, and that the ove...
CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...
CVE-2023-49692
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...
CVE-2023-48428
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...
Default configuration
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...