CVE-2022-30541 : ABODE IOTA ALL-IN-ONE SECURITY KIT 6.9X/6.9Z XCMD SETUPNP OS COMMAND INJECTION

Description

An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1557

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-34693 : APACHE SUPERSET UP TO 3.1.2/4.0.0 MARIADB CONNECTION INFORMATION DISCLOSURE

CVE-2024-34693 : APACHE SUPERSET UP TO 3.1.2/4.0.0 MARIADB CONNECTION INFORMATION DISCLOSURE

Description Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile

CVE-2024-6146 : ACTIONTEC WCB6200Q 1.2L.03.5 HTTP SERVER UH_GET_POSTDATA_WITHUPLOAD STACK-BASED OVERFLOW

CVE-2024-6146 : ACTIONTEC WCB6200Q 1.2L.03.5 HTTP SERVER UH_GET_POSTDATA_WITHUPLOAD STACK-BASED OVERFLOW

Description Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code

CVE-2024-36978 : LINUX KERNEL UP TO 6.10-RC2 SCH_MULTIQ MULTIQ_TUNE OUT-OF-BOUNDS WRITE

CVE-2024-36978 : LINUX KERNEL UP TO 6.10-RC2 SCH_MULTIQ MULTIQ_TUNE OUT-OF-BOUNDS WRITE

Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune()