8789 matches found
OESA-2024-1587 less security update
Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...
OS Command Execution
fuel/core is vulnerable to OS Command Execution. The vulnerability is due to insufficient image filenames validation when constructing the ImageMagick command, which allows specially crafted filenames to be executed as operating system commands...
CVE-2024-34210
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter...
CVE-2024-34204
TOTOLINK outdoor CPE CP450 v4.1.0cu.747B20191224 was discovered to contain a command injection vulnerability in the setUpgradeFW function via the FileName parameter...
CVE-2024-32874
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to an application-level denial of service. This is due to no...
CLSA-2024-1715673753 Fix CVE(s): CVE-2024-32487
SECURITY UPDATE: quoting is mishandled in filename.c. - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file whose name contains a newline. - CVE-2024-32487...
CLSA-2024-1715673596 less: Fix of CVE-2024-32487
Fix CVE-2024-32487: filename.c: quoting mishandling...
CLSA-2024-1715673429 less: Fix of CVE-2024-32487
Fix CVE-2024-32487: filename.c: quoting mishandling...
CLSA-2024-1715672666 less: Fix of CVE-2024-32487
CVE-2024-32487: filename.c: quoting mishandling...
CLSA-2024-1715672446 less: Fix of CVE-2024-32487
Fix CVE-2024-32487: filename.c: quoting mishandling...
Kingsoft WPS Security Vulnerability
Kingsoft WPS is a kind of office software from Kingsoft, a Chinese company. It provides document processing functions. A security vulnerability exists in Kingsoft WPS versions prior to 17.0.0, which stems from the inability to properly clean up filenames before they are interactively processed...
TOTOLINK CPE CP450 Security Vulnerability
TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A security vulnerability exists in the TOTOLINK CPE CP450...
Siemens RUGGEDCOM CROSSBOW Security Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a filename or path external control vulnerability due to an affected system allowing a privileged user to upload firmware files to the root installation director...
Siemens RUGGEDCOM CROSSBOW Security Vulnerability
Siemens RUGGEDCOM CROSSBOW is a proven secure access management solution from Siemens, Germany. Siemens RUGGEDCOM CROSSBOW suffers from a filename or path external control vulnerability due to a bulk import feature on the affected system that allows a privileged user to upload files to the root...
Ruijie Networks RG-UAC Operating System Command Injection Vulnerability
Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...
TOTOLINK CPE CP450 Security Vulnerability
TOTOLINK CPE CP450 is an outdoor wireless client terminal device from China Gion Electronics TOTOLINK, which is mainly used to provide wireless broadband access services, especially for wireless network coverage in rural or remote areas. A command injection vulnerability exists in the TOTOLINK CP...
RHEL 6 : archive_tar (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949 - ArchiveTar through...
RHEL 6 : netkit-rsh (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - netkit-rsh: possible overwrite of arbitrary files by a malicious rsh server CVE-2019-7283 - In NetKit...