98 matches found
CVE-2025-3083
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0...
CVE-2025-3083
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...
CVE-2025-3083
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...
CVE-2025-3084 MongoDB Server may crash due to improper validation of explain command
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Serve...
CVE-2025-3084
CVE-2025-3084 affects MongoDB Server: 5.0 before 5.0.31, 6.0 before 6.0.20, 7.0 before 7.0.16, and 8.0 before 8.0.4. The root cause is improper validation of parameters for the explain command, which may be used to crash router servers. Impact is denial of service / crash (availability impact). R...
CVE-2025-3083 Malformed MongoDB wire protocol messages may cause mongos to crash
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...
CVE-2025-3083 Malformed MongoDB wire protocol messages may cause mongos to crash
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...
Malformed MongoDB wire protocol messages may cause mongos to crash
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to...
PT-2025-14095
Name of the Vulnerable Software and Affected Versions MongoDB versions prior to 5.0.31 MongoDB versions prior to 6.0.20 MongoDB versions prior to 7.0.16 Description Specifically crafted MongoDB wire protocol messages can cause MongoDB to crash during command validation. This issue can occur witho...
MongoDB -- Malformed wire protocol messages may cause mongos to crash
[email protected] reports: Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to6.0.20 and MongoDB v7...
CVE-2024-1881
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
Huawei HarmonyOS Findnetwork Module Command Validation Bypass Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A command authentication bypass vulnerability exists in the Huawei HarmonyOS Findnetwork module, which can be exploited by an attacker to submit a special...
CVE-2024-1881
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
CVE-2024-1881
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
CVE-2024-1881
CVE-2024-1881 - AutoGPT OS Command Injection : AutoGPT (significant-gravitas/autogpt) is vulnerable in versions v0.5.0 through v5.1.0 due to improper neutralization in shell command validation. The flaw stems from validating commands against an allowlist/denylist by only checking the first word, ...
CVE-2024-1881 Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...
PT-2024-18388 · Autogpt · Autogpt
Name of the Vulnerable Software and Affected Versions: AutoGPT versions v0.5.0 through v5.1.0 Description: The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to...
Exposed Dangerous Method or Function
Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to insufficient validation of public methods on Command classes. An attacker can invoke more methods than should be allowed by exploiting the lack of robust checks on method permissions. Workarou...
Command Injection
PaddlePaddle is vulnerable to Command Injection. The vulnerability is caused due to improper command validation within the wgetdownload' method. The attacker can execute arbitrary commands on the operating system...
PT-2023-5995 · Fortinet · Fortianalyzer +2
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.0 through 7.2.2 FortiAnalyzer versions 6.0 through 7.2.2 FortiADC versions 6.0 through 7.1.0 Description: The issue is related to insufficient argument validation in a command, which can be exploited to execute arbitra...