2 matches found
CVE-2023-34394
In CVE-2023-34394, Keysight Geolocation Server versions up to v2.4.2 are affected by a path validation issue that allows an attacker to upload a crafted malicious file or delete files/directories with SYSTEM privileges. The underlying root cause is improper path validation, enabling local privile...
CVE-2023-36853
Keysight Geolocation Server (affected: v2.4.2 and earlier) is impacted by CVE-2023-36853. A low-privileged attacker can craft a local ZIP file containing a malicious script in any location, enabling loading of a DLL with SYSTEM privileges. This is described as an Exposed Dangerous Method or Funct...