Lucene search
+L

183 matches found

bdu_fstec
bdu_fstec
added 2022/06/29 12:0 a.m.7 views

The vulnerability of the mailcap module in the Python programming language allows a hacker to execute any command they desire.

The vulnerability of the mailcap module in the Python programming language lies in insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute any command remotely...

10CVSS7.1AI score0.07269EPSS
Exploits1References13Affected Software5
osv
osv
added 2022/05/17 4:58 a.m.9 views

GHSA-V89F-4MC4-H6W9 Salt has insufficient argument validation in several modules

Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...

8.8CVSS6.6AI score0.01515EPSS
Exploits0References6
bdu_fstec
bdu_fstec
added 2022/05/12 12:0 a.m.8 views

The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and R345P allows a hacker to execute arbitrary commands.

The vulnerability of the web-based management interface for Cisco Small Business RV340, RV340W, RV345, and R345P microprogramming devices is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

6.5CVSS7.4AI score0.01574EPSS
Exploits0References2Affected Software4
osv
osv
added 2022/05/04 10:15 p.m.32 views

PYSEC-2022-42999

DISPUTED In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that...

9.8CVSS7.1AI score0.04936EPSS
Exploits1References7
bdu_fstec
bdu_fstec
added 2022/02/25 12:0 a.m.10 views

The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.

The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...

10CVSS8.1AI score0.06573EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2022/01/19 12:0 a.m.6 views

PT-2022-2309 · Confd +1 · Confd +1

Name of the Vulnerable Software and Affected Versions: ConfD affected versions not specified Description: A vulnerability in the implementation of the CLI on a device running ConfD could allow an authenticated, local attacker to perform a command injection attack. The issue is due to insufficient...

8.8CVSS7.6AI score0.00832EPSS
Exploits0References9
bdu_fstec
bdu_fstec
added 2021/12/24 12:0 a.m.7 views

The vulnerability of the `salt.utils.thin.gen_thin()` function in the configuration management system and remote execution of SaltStack Salt operations allows a attacker to execute arbitrary commands on the target system.

The vulnerability of the salt.utils.thin.genthin function in the configuration management system and for remote execution of SaltStack Salt is related to insufficient validation of arguments passed in commands. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...

9.8CVSS8.3AI score0.08246EPSS
Exploits0References12Affected Software4
vulncheck_kev
vulncheck_kev
added 2021/11/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-17144

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...

8.8CVSS7.7AI score0.36514EPSS
Exploits4References1
ptsecurity
ptsecurity
added 2021/10/27 12:0 a.m.5 views

PT-2021-4684 · Cisco · Cisco Ftd

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to insufficient validation of command arguments in the Command Line Interface CLI of Cisco Firepower Threat Defense FTD Software. Th...

7.8CVSS7.8AI score0.00262EPSS
Exploits0References6
cve
cve
added 2021/10/05 11:0 p.m.83 views

CVE-2021-41122

CVE-2021-41122 affects the Vyper smart contract language. The issue is that in affected versions, external functions did not properly validate the bounds of decimal arguments, enabling logic errors. The root cause is insufficient bounds checking for decimal inputs in external function definitions...

4.3CVSS4.5AI score0.00777EPSS
Exploits1References2Affected Software1
osv
osv
added 2021/09/23 3:15 a.m.4 views

CVE-2021-34729

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...

6.7CVSS6.9AI score0.00346EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2021/09/06 12:0 a.m.5 views

The vulnerability of the iControl REST API interface for access control and remote authentication solutions like BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) as well as the server software BIG-IQ Centralized Management allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the iControl REST API for access control and remote authentication tools of BIG-IP LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO as well as the server software BIG-IQ Centralized Management is related to insufficient...

10CVSS8.5AI score0.99898EPSS
Exploits20References6Affected Software14
bdu_fstec
bdu_fstec
added 2021/09/03 12:0 a.m.7 views

The vulnerability of the Adobe Photoshop CC graphic editor lies in insufficient validation of arguments passed to commands, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Photoshop CC graphic editor is related to insufficient testing of arguments passed to commands. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user...

10CVSS8.2AI score0.07319EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2021/08/12 7:15 p.m.50 views

CVE-2021-37647

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...

7.7CVSS0.0016EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/07/06 12:0 a.m.6 views

Linux kernel 数据伪造问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of the Linux kernel prior to 5.12.14, which stems from the fact that the kernel's module.c incorrectly handles signature validation...

7.8CVSS6.6AI score0.00246EPSS
Exploits0References17
bdu_fstec
bdu_fstec
added 2021/06/15 12:0 a.m.6 views

The vulnerability of the SetWizardConfig function in D-Link DIR-846 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the SetWizardConfig function in D-Link DIR-846 router microprogramming software is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created request /HNAP1/...

10CVSS8.1AI score0.03557EPSS
Exploits1References4Affected Software1
bdu_fstec
bdu_fstec
added 2021/06/09 12:0 a.m.7 views

The vulnerability of the server software BIG-IQ Centralized Management lies in insufficient validation of arguments passed in commands, allowing a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the server software in BIG-IQ Centralized Management lies in insufficient validation of the arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by entering specially crafted control commands...

9CVSS7.5AI score0.05346EPSS
Exploits3References4Affected Software1
osv
osv
added 2021/05/14 8:15 p.m.3 views

PYSEC-2021-209

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

5.5CVSS6.1AI score0.00189EPSS
Exploits1References2
prion
prion
added 2020/11/12 10:15 a.m.26 views

Input validation

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...

7.2CVSS7.6AI score0.01725EPSS
Exploits1References3
veracode
veracode
added 2020/09/28 4:6 a.m.25 views

Information Disclosure

tensorflow is vulnerable to information disclosure. The vulnerability exists due to the lack of validation of the datasplits argument in tf.rawops.StringNGrams, resulting in a memory leak...

9.8CVSS1.9AI score0.01015EPSS
Exploits1References4Affected Software3
Rows per page
Query Builder