Show filters
335,327 Total Results
Displaying 231-240 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-48070

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges
0
Attacker Value
Unknown

CVE-2024-48069

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges
0
Attacker Value
Unknown

CVE-2024-42450

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment. Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa…
0
Attacker Value
Unknown

CVE-2024-11003

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps.
0
Attacker Value
Unknown

CVE-2024-10224

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval().
0
Attacker Value
Unknown

CVE-2023-21270

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
0
Attacker Value
Unknown

CVE-2022-47424

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1.
0
Attacker Value
Unknown

CVE-2018-9338

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
0
Attacker Value
Unknown

CVE-2017-13315

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation.
0
Attacker Value
Unknown

CVE-2024-52789

Disclosure Date: November 19, 2024 (last updated November 20, 2024)
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root.
0