Lucene search
+L

121 matches found

Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.4 views

PT-2024-1430 · Machinesense · Machinesense Feverwarn Raspberry Pi-Based Devices +2

Name of the Vulnerable Software and Affected Versions: MachineSense FeverWarn Raspberry Pi-based devices affected versions not specified FeverWarn ESP32 affected versions not specified FeverWarn DataHub RaspberryPi affected versions not specified Description: The issue is related to insufficient...

8.1CVSS7.4AI score0.00385EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.7 views

PT-2023-20744 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application version 3.1.013 Description: The issue allows authenticated attackers to upload arbitrary files to the web root, including dangerous files such as ASP or ASPX, which can lead to command execution on the affected server...

8.8CVSS8.8AI score0.01463EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/05 12:0 a.m.10 views

PT-2023-6496 · Dell · Dell Smartfabric Storage

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions 1.4 and earlier Description: The issue is related to an OS Command Injection Vulnerability in the CLI of the Dell SmartFabric Storage Software. This vulnerability could allow an authenticated local...

7.8CVSS7.5AI score0.00468EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/05/22 2:58 p.m.8 views

CVE-2023-32347

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...

8.1CVSS7.4AI score0.00665EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.6 views

PT-2023-23418 · Wcms · Wcms

Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...

9.8CVSS9.5AI score0.2022EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/02/17 12:0 a.m.10 views

PT-2023-4571 · Python +11 · Python +11

Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.11.4 Description: A critical issue in the urllib.parse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters, enabling domain filter bypass, file...

9.8CVSS6.5AI score0.75116EPSS
Exploits59References571
Snyk
Snyk
added 2022/05/28 8:22 a.m.3 views

Arbitrary Code Injection

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

10CVSS7.9AI score0.01801EPSS
Exploits0References2
OSV
OSV
added 2022/05/04 9:35 p.m.12 views

CVE-2022-30284

In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived...

9CVSS9.6AI score0.04936EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2022/04/14 12:0 a.m.5 views

PT-2022-8698 · B. Braun Melsungen Ag · Data Module Compactplus +1

Name of the Vulnerable Software and Affected Versions: B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier B. Braun Melsungen AG Data module compactplus versions A10 and A11 Description: A relative path traversal attack allows attackers with service user privileges to upload arbitrary...

9CVSS8.8AI score0.0147EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/03/17 8:30 p.m.8 views

CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging

gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...

8.8CVSS8.8AI score0.01278EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/16 10:15 a.m.3 views

CVE-2021-45851

A Server-Side Request Forgery SSRF attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server...

7.5CVSS7.2AI score0.01431EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/25 12:0 a.m.4 views

UIC-DATA ONU4FERW 命令注入漏洞

C-DATA ONU4FERW is used for data management.C-DATA ONU4FERW is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary commands via the FormImportomCashell function...

7.8CVSS6AI score0.0305EPSS
Exploits1References4
CNVD
CNVD
added 2021/05/14 12:0 a.m.19 views

Exim Permission License and Access Control Issues Vulnerability

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. Exim suffers from a privilege-granting and access-control issue vulnerability that stems from the application not properly applying security restrictions to a fake offline directory. An...

7.8CVSS6.8AI score0.00404EPSS
Exploits3References1
OSV
OSV
added 2020/10/26 6:15 p.m.3 views

DEBIAN-CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

8.8CVSS8.3AI score0.0198EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/09/01 4:43 p.m.5 views

bash: BASH_CMD is writable in restricted bash shells

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...

7.8CVSS7.5AI score0.00415EPSS
Exploits0References4
OSV
OSV
added 2020/07/17 12:15 a.m.9 views

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

8.8CVSS8.8AI score0.99118EPSS
Exploits9References4
OSV
OSV
added 2018/08/17 6:54 a.m.9 views

SUSE-SU-2018:2403-1 Security update for mutt

This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imapquotestring in imap/util.c that does not leave room for quote characters bsc1101582. - CVE-2018-14353: Fix imapquotestring in imap/util.c that has an integer underflow bsc1101581. - CVE-2018-14362: F...

9.8CVSS8.3AI score0.06229EPSS
Exploits0References24
OSV
OSV
added 2018/04/16 6:18 a.m.9 views

SUSE-SU-2018:0947-1 Security update for evince

This update for evince fixes the following issues: - CVE-2017-1000159: Command injection in evince via filename when printing to PDF could lead to command execution bsc1070046...

7.8CVSS7.9AI score0.01406EPSS
Exploits0References3
OSV
OSV
added 2017/01/19 8:59 p.m.1 views

DEBIAN-CVE-2016-7545

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...

8.8CVSS9.3AI score0.00382EPSS
Exploits0References1
OSV
OSV
added 2015/04/04 10:45 a.m.6 views

MGASA-2015-0132 Updated cups-filters packages fix CVE-2015-2265

Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the removebadchars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary...

7.5CVSS6.7AI score0.02958EPSS
Exploits1References4
Rows per page
Query Builder