| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user. |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user. |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Due to the insufficient validation during the installation and load of certain configuration files of the affected device, an attacker could spawn a reverse shell and gain root access on the affected system. |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). During the Dynamic DNS configuration of the affected product it is possible to inject additional configuration parameters. Under certain circumstances, an attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system. |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system. |
| In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). |
| The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146) |
| A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. |
| A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. |
| A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. |
| The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. |
| An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146. |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. |
| The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. |
