Show filters
386 Total Results
Displaying 101-110 of 386
Sort by:
Attacker Value
Unknown
CVE-2023-27354
Disclosure Date: April 20, 2023 (last updated October 08, 2023)
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.
0
Attacker Value
Unknown
CVE-2023-27353
Disclosure Date: April 20, 2023 (last updated October 08, 2023)
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846.
0
Attacker Value
Unknown
CVE-2023-27352
Disclosure Date: April 20, 2023 (last updated October 08, 2023)
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.
0
Attacker Value
Unknown
CVE-2022-22512
Disclosure Date: March 23, 2023 (last updated October 08, 2023)
Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.
0
Attacker Value
Unknown
CVE-2021-34125
Disclosure Date: March 09, 2023 (last updated October 08, 2023)
An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.
0
Attacker Value
Unknown
CVE-2023-20078
Disclosure Date: March 02, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
0
Attacker Value
Unknown
CVE-2023-20079
Disclosure Date: March 02, 2023 (last updated October 08, 2023)
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
0
Attacker Value
Unknown
CVE-2022-27538
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.
0
Attacker Value
Unknown
CVE-2022-27537
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.
0
Attacker Value
Unknown
CVE-2021-3809
Disclosure Date: February 01, 2023 (last updated October 08, 2023)
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
0