183 matches found
The vulnerability of the mailcap module in the Python programming language allows a hacker to execute any command they desire.
The vulnerability of the mailcap module in the Python programming language lies in insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute any command remotely...
GHSA-V89F-4MC4-H6W9 Salt has insufficient argument validation in several modules
Salt aka SaltStack 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and R345P allows a hacker to execute arbitrary commands.
The vulnerability of the web-based management interface for Cisco Small Business RV340, RV340W, RV345, and R345P microprogramming devices is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
PYSEC-2022-42999
DISPUTED In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that...
The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.
The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...
PT-2022-2309 · Confd +1 · Confd +1
Name of the Vulnerable Software and Affected Versions: ConfD affected versions not specified Description: A vulnerability in the implementation of the CLI on a device running ConfD could allow an authenticated, local attacker to perform a command injection attack. The issue is due to insufficient...
The vulnerability of the `salt.utils.thin.gen_thin()` function in the configuration management system and remote execution of SaltStack Salt operations allows a attacker to execute arbitrary commands on the target system.
The vulnerability of the salt.utils.thin.genthin function in the configuration management system and for remote execution of SaltStack Salt is related to insufficient validation of arguments passed in commands. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...
VulnCheck KEV: CVE-2020-17144
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...
PT-2021-4684 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to insufficient validation of command arguments in the Command Line Interface CLI of Cisco Firepower Threat Defense FTD Software. Th...
CVE-2021-41122
CVE-2021-41122 affects the Vyper smart contract language. The issue is that in affected versions, external functions did not properly validate the bounds of decimal arguments, enabling logic errors. The root cause is insufficient bounds checking for decimal inputs in external function definitions...
CVE-2021-34729
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...
The vulnerability of the iControl REST API interface for access control and remote authentication solutions like BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) as well as the server software BIG-IQ Centralized Management allows a perpetrator to execute arbitrary commands on the target system.
The vulnerability of the iControl REST API for access control and remote authentication tools of BIG-IP LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO as well as the server software BIG-IQ Centralized Management is related to insufficient...
The vulnerability of the Adobe Photoshop CC graphic editor lies in insufficient validation of arguments passed to commands, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Photoshop CC graphic editor is related to insufficient testing of arguments passed to commands. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user...
CVE-2021-37647
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...
Linux kernel 数据伪造问题漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in versions of the Linux kernel prior to 5.12.14, which stems from the fact that the kernel's module.c incorrectly handles signature validation...
The vulnerability of the SetWizardConfig function in D-Link DIR-846 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the SetWizardConfig function in D-Link DIR-846 router microprogramming software is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created request /HNAP1/...
The vulnerability of the server software BIG-IQ Centralized Management lies in insufficient validation of arguments passed in commands, allowing a perpetrator to execute arbitrary commands on the target system.
The vulnerability of the server software in BIG-IQ Centralized Management lies in insufficient validation of the arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by entering specially crafted control commands...
PYSEC-2021-209
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...
Input validation
Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439...
Information Disclosure
tensorflow is vulnerable to information disclosure. The vulnerability exists due to the lack of validation of the datasplits argument in tf.rawops.StringNGrams, resulting in a memory leak...