The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code. Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-242001391. References: N/A. Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. This could lead to remote code execution with no additional execution privileges needed. In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240662453. References: N/A. In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This vulnerability allows attackers to execute arbitrary commands via a crafted request. TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-232242894. This could lead to remote escalation of privilege with no additional execution privileges needed. In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow.
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. The identifier VDB-223801 was assigned to this vulnerability. It is recommended to apply a patch to fix this issue. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. A vulnerability was found in grinnellplans-php up to 3.0. Patch information is provided when available. This information may include identifying information, values, definitions, and related links.