| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. |
| Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input. |
| Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. |
| Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. |
| Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. |
| An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. |
| A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). |
| An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from insufficient input validation in the key-generation function, which could potentially allow malicious users to execute remote code on affected devices. |
| TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. This vulnerability stems from inadequate input validation in the certificate management function, which could potentially allow malicious users to execute remote code on affected devices. |
|
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't
check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a
potential Remote Code Execution on the targeted device
|
|
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying
internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code
Execution on the targeted device. This is especially problematic if you use Default DESFire key.
|
|
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes
to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted
device
|
|
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation
operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the
targeted device
|
