All Posts by: Prophy Insights

Description Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable

Description A vulnerability has been found in Backdoor.Win32.RemServ.d and classified as critical. This vulnerability affects unknown code of the component

Description Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and

Description In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to

Description Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor

Description Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows)

Description Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure

Description Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the list parameter in the formSetQosBand function. References

Description Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload

Description A logic issue was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS

Description Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability.

Description Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in OpenNebula OpenNebula core on Linux allows

Description Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the “Ethernet Q Commands” service. Any user

Description Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates

Description Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder

Description An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit

Description A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of

Description On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be

Description A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message

Description Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon

Description In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed

Description Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue

Description A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function ipaddr_link_get

Description A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could