313 matches found
RHEL 9 : kernel-rt (RHSA-2023:4138)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4138 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Command injection
An OS command injection vulnerability exists in the ysthirdparty systemuserscript functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2023-3314
CVE-2023-3314 affects Trellix Enterprise Security Manager (and related entries) where a failure to fully sanitize zip file processing allows an authorized user to control the .zip application, enabling arbitrary command execution or privilege escalation. Public sources cite vulnerable versions (e...
PT-2023-24188 · Unknown · Esm Certificate Api
Name of the Vulnerable Software and Affected Versions: ESM certificate API affected versions not specified Description: An OS common injection vulnerability exists in the ESM certificate API. Incorrectly neutralized special elements may have allowed an unauthorized user to execute system command...
CVE-2023-34849
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1...
CVE-2023-34849
An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1...
CVE-2023-34849
CVE-2023-34849 : Ikuai router OS up to version 3.7.1 contains an unauthorized command injection in the ActionLogin function of webman.lua, enabling arbitrary command execution with network access and no user interaction. Exploitation details are not provided in the connected docs; CVSSv3.1 is lis...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
Kernel: bluetooth: Unauthorized management command execution
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilter: use-after-free in nftables when processing batch...
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilte...
ALSA-2023:3723 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilter: use-after-free in nftables when processing batch...
AZL-27078 CVE-2023-2002 affecting package kernel for versions less than 5.15.116.1-2
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...
CVE-2023-27999
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
K00866128: Bash vulnerability CVE-2019-9924
Security Advisory Description rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell. CVE-2019-9924 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...
Design/Logic Flaw
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol FTP are the only protocols available for device management, an unauthorized user could acce...
Tenda AC23 缓冲区错误漏洞
Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. Tenda AC23 suffers from a stack overflow vulnerability, which originates from a stack overflow in the firewallEn parameter of the formSetFirewallCfg function. The vulnerability can be exploited by an attacker to execute...
CVE-2022-29058
An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4....
easy to craft input to execute commands that are not SELECTOR_TRANSFER_OPERATORSHIP
Lines of code Vulnerability details Impact For AxelarGateway.execute , the signed messageHash is only used to validateProof for currentOperators , so anyone can craft input to execute commands other than SELECTORTRANSFEROPERATORSHIP. Impact of above would allow anyone to be able to be approved to...
CVE-2022-20857
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this...