Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

CVE-2023-24169: Tenda/6.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.

CVE
Open in Source
#vulnerability#dos#rce#buffer_overflow#auth
CVE-2023-24167: Tenda/1.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.

CVE-2023-24170: Tenda/3.md at main · DrizzlingSun/Tenda

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.

CVE-2023-20925: Pixel Update Bulletin—January 2023  |  Android Open Source Project

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

CVE-2022-20235: Android Security Bulletin—January 2023  |  Android Open Source Project

The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780

CVE-2022-20213: Android Automotive OS Update Bulletin—January 2023  |  Android Open Source Project

In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183410508

CVE-2022-31711: VMSA-2023-0001

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

CVE-2022-29844: WDC-23002 My Cloud Firmware Version 5.26.119 | Western Digital

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

CVE-2022-40719: ZDI-22-1223

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.