335,327 Total Results
Displaying 231-240 of 10,000
Attacker Value
Unknown
CVE-2024-48070
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
An issue in Weaver E-cology v. allows attackers to construct special requests to insert remote malicious code, trigger malicious code execution, and control server privileges.
Attacker Value
Unknown
CVE-2024-48069
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
A vulnerability in Weaver E-cology allows attackers to use race conditions to bypass security mechanisms in order to upload malicious files and control server privileges.
Attacker Value
Unknown
CVE-2024-42450
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for the High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system.
Exploitation Status:
Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.
Workarounds or Mitigation:
Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa…
Attacker Value
Unknown
CVE-2024-11003
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
Attacker Value
Unknown
CVE-2024-10224
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
Attacker Value
Unknown
CVE-2023-21270
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
Attacker Value
Unknown
CVE-2022-47424
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery. This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.
Attacker Value
Unknown
CVE-2018-9338
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Attacker Value
Unknown
CVE-2017-13315
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.
Attacker Value
Unknown
CVE-2024-52789
Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.