Description
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Base Score: 9.8 CRITICAL
CVE-2023-23560 Description In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation. Base Score: Critical https://support.lexmark.com/alerts/ ___________________________________ CVE-2016-9244 Description A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may […]
CVE-2022-25992 Description Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Base Score: 7.5 HIGH http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html ____________________ CVE-2022-26343 Description Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation […]
CVE-2023-21535 Description Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. Base Score: 8.1 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21535 __________________________________ CVE-2023-21532 Description Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. Base Score: 7.0 HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21532 ___________________________________ CVE-2023-21531 Description Azure Service Fabric Container Elevation of Privilege Vulnerability. Base […]
Leave a Reply