832 matches found

VulnCheck KEV
added 2024/03/12 12:0 a.m. · 8 views

VulnCheck KEV: CVE-2023-48788

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests...

CVSS 9.8 · AI score 7.6 · EPSS 0.97591
Exploits: 4 · References: 1

NVD
added 2024/02/27 11:15 a.m. · 26 views

CVE-2023-7016

A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...

CVSS 7.8 · AI score 7.7 · EPSS 0.00341
Exploits: 0 · References: 1

Prion
added 2024/02/27 11:15 a.m. · 16 views

Authentication flaw

A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...

CVSS 4.4 · AI score 7.3 · EPSS 0.00341
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/27 10:45 a.m. · 20 views

CVE-2023-7016 Privilege Escalation in SafeNet Authentication Client

A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access...

CVSS 7.8 · AI score 7 · EPSS 0.00341
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/27 12:0 a.m. · 7 views

PT-2024-15179 · Thales · Thales Safenet Authentication Client

Name of the Vulnerable Software and Affected Versions: Thales SafeNet Authentication Client versions prior to 10.8 R10
Description: A flaw in the software allows an attacker to execute code at a SYSTEM level via local access on Windows.
Recommendations: For versions prior to 10.8 R10, update to...

CVSS 7.8 · AI score 7.8 · EPSS 0.00341
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/04 12:0 a.m. · 5 views

PT-2024-18490 · Tvapi · Tvapi

Name of the Vulnerable Software and Affected Versions: TVAPI affected versions not specified
Description: The issue is related to a possible out of bounds write in TVAPI due to a missing bounds check. This could lead to local escalation of privilege, with System execution privileges needed. User...

CVSS 6.7 · AI score 6.4 · EPSS 0.00113
Exploits: 0 · References: 6

Positive Technologies
added 2024/01/11 12:0 a.m. · 6 views

PT-2024-4161 · NetGear · Netgear Prosafe Network Management System

Name of the Vulnerable Software and Affected Versions: NETGEAR ProSAFE Network Management System affected versions not specified
Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the product installer due to the use of default...

CVSS 7.8 · AI score 7.5 · EPSS 0.00568
Exploits: 0 · References: 5

NVD
added 2024/01/08 9:15 a.m. · 26 views

CVE-2023-29048

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...

CVSS 8.8 · AI score 9.2 · EPSS 0.0133
Exploits: 0 · References: 4

Prion
added 2024/01/08 9:15 a.m. · 13 views

Design/Logic Flaw

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...

CVSS 6.5 · AI score 8.1 · EPSS 0.0133
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/01/08 8:51 a.m. · 22 views

CVE-2023-29048

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...

CVSS 8.8 · AI score 9.3 · EPSS 0.0133
Exploits: 0 · References: 4

OSV
added 2024/01/02 3:15 a.m. · 3 views

CVE-2023-32883

In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249...

CVSS 6.7 · AI score 5.9 · EPSS 0.00093
Exploits: 0 · References: 1

BDU FSTEC
added 2023/12/22 12:0 a.m. · 4 views

Vulnerability in the Nessus security and vulnerability assessment system, stemming from insufficient validation of input data, that allows attackers to elevate their privileges to the root or NT AUTHORITY/SYSTEM level on the Nessus host.

The vulnerability in the Nessus security and vulnerability assessment system is related to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the root or NT AUTHORITY/SYSTEM level on the Nessus...

CVSS 9 · AI score 7.6 · EPSS 0.0082
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2023/12/20 7:55 a.m. · 35 views

CVE-2023-0011 Command Execution through Serial Interface of u-blox TOBY-L2

A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial...

CVSS 7.6 · AI score 7.9 · EPSS 0.00482
Exploits: 0 · References: 1

OSV
added 2023/12/15 1:15 p.m. · 24 views

CVE-2023-49898

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 7.2 · AI score 7.2
Exploits: 0 · References: 1

Prion
added 2023/12/15 1:15 p.m. · 23 views

Input validation

In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...

CVSS 5.8 · AI score 7.5 · EPSS 0.02299
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/12/15 12:13 p.m. · 92 views

CVE-2023-49898

CVE-2023-49898 concerns Apache StreamPark: a project module that integrates Maven compilation lacks validation of Maven parameters, allowing remote command execution. The advisory notes that an attacker must be an authenticated system user with high privileges, limiting exposure, and that the ove...

CVSS 7.2 · AI score 7.1 · EPSS 0.02299
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/12/12 10:28 p.m. · 16 views

CVE-2023-3517 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources...

CVSS 8.5 · AI score 9 · EPSS 0.00642
Exploits: 0 · References: 1

OSV
added 2023/12/12 12:15 p.m. · 4 views

CVE-2023-49692

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...

CVSS 6.7 · AI score 5.7
Exploits: 0 · References: 3

NVD
added 2023/12/12 12:15 p.m. · 27 views

CVE-2023-48428

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...

CVSS 7.2 · EPSS 0.00498
Exploits: 0 · References: 1

Prion
added 2023/12/12 12:15 p.m. · 19 views

Default configuration

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...

CVSS 5.8 · AI score 7.2 · EPSS 0.00498
Exploits: 0 · References: 1 · Affected Software: 1