CVE-2024-44092

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-489
View all →

Vulnerability Description

There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2022-33323

HIGH
CVSS:7.5(High)

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthori...

CWE-4892022

CVE-2024-29511

HIGH
CVSS:7.5(High)

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguag...

CWE-4892024

CVE-2020-25156

HIGH
CVSS:7.2(High)

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to ac...

CWE-4892020

CVE-2022-38715

HIGH
CVSS:7.2(High)

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An at...

CWE-4892022

CVE-2023-49593

HIGH
CVSS:7.2(High)

Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution.

CWE-4892023

CVE-2024-21827

HIGH
CVSS:7.2(High)

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network reques...

CWE-4892024