121 matches found
PT-2024-1430 · Machinesense · Machinesense Feverwarn Raspberry Pi-Based Devices +2
Name of the Vulnerable Software and Affected Versions: MachineSense FeverWarn Raspberry Pi-based devices affected versions not specified FeverWarn ESP32 affected versions not specified FeverWarn DataHub RaspberryPi affected versions not specified Description: The issue is related to insufficient...
PT-2023-20744 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application version 3.1.013 Description: The issue allows authenticated attackers to upload arbitrary files to the web root, including dangerous files such as ASP or ASPX, which can lead to command execution on the affected server...
PT-2023-6496 · Dell · Dell Smartfabric Storage
Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions 1.4 and earlier Description: The issue is related to an OS Command Injection Vulnerability in the CLI of the Dell SmartFabric Storage Software. This vulnerability could allow an authenticated local...
CVE-2023-32347
Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...
PT-2023-23418 · Wcms · Wcms
Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...
PT-2023-4571 · Python +11 · Python +11
Name of the Vulnerable Software and Affected Versions: Python versions prior to 3.11.4 Description: A critical issue in the urllib.parse component of Python allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters, enabling domain filter bypass, file...
Arbitrary Code Injection
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
CVE-2022-30284
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur if used in a client application that does not validate arguments. NOTE: the vendor believes it would be unrealistic for an application to call NmapProcess with arguments taken from input data that arrived...
PT-2022-8698 · B. Braun Melsungen Ag · Data Module Compactplus +1
Name of the Vulnerable Software and Affected Versions: B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier B. Braun Melsungen AG Data module compactplus versions A10 and A11 Description: A relative path traversal attack allows attackers with service user privileges to upload arbitrary...
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
CVE-2021-45851
A Server-Side Request Forgery SSRF attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server...
UIC-DATA ONU4FERW 命令注入漏洞
C-DATA ONU4FERW is used for data management.C-DATA ONU4FERW is vulnerable to OS command injection, which can be exploited by attackers to execute arbitrary commands via the FormImportomCashell function...
Exim Permission License and Access Control Issues Vulnerability
Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. Exim suffers from a privilege-granting and access-control issue vulnerability that stems from the application not properly applying security restrictions to a fake offline directory. An...
DEBIAN-CVE-2020-15271
In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...
bash: BASH_CMD is writable in restricted bash shells
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...
CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...
SUSE-SU-2018:2403-1 Security update for mutt
This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imapquotestring in imap/util.c that does not leave room for quote characters bsc1101582. - CVE-2018-14353: Fix imapquotestring in imap/util.c that has an integer underflow bsc1101581. - CVE-2018-14362: F...
SUSE-SU-2018:0947-1 Security update for evince
This update for evince fixes the following issues: - CVE-2017-1000159: Command injection in evince via filename when printing to PDF could lead to command execution bsc1070046...
DEBIAN-CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...
MGASA-2015-0132 Updated cups-filters packages fix CVE-2015-2265
Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the removebadchars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary...