1086 matches found
CVE-2024-20329 Cisco Adaptive Security Appliance Software Remote Command Injection Vulnerability
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
CVE-2024-20329
CVE-2024-20329 (Cisco ASA SSH RCE) involves an authenticated remote command-injection vulnerability in the SSH subsystem of Cisco ASA software. The root cause is insufficient validation of user input when executing remote CLI commands over SSH. Exploitation could allow a limited-privilege user to...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41701)
The D-Link DIR-878 is a wireless router. The D-Link DIR-882 is a dual-band wireless router. A command injection vulnerability exists in the D-Link DIR-878 and D-Link DIR-882, which can be exploited by an attacker to execute arbitrary operating system commands via a constructed POST request...
D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerabilities (CNVD-2024-41696)
The D-Link DIR-878 is a wireless router. The D-Link DIR-882 is a dual-band wireless router. A command injection vulnerability exists in the D-Link DIR-878 and D-Link DIR-882, which can be exploited by an attacker to execute arbitrary operating system commands via a constructed POST request...
D-Link DIR-878 and D-Link DIR-882 Security Vulnerability
The D-Link DIR-878 is a wireless router. The D-Link DIR-882 is a dual-band wireless router. A command injection vulnerability exists in the D-Link DIR-878 and D-Link DIR-882, which can be exploited by an attacker to execute arbitrary operating system commands via a constructed POST request...
PT-2024-31529 · Helmholz +1 · Rex100 +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. This issue allows a remote attacker to r...
A vulnerability in the External Lookups feature of the Splunk Enterprise operational analytics platform allows a malicious actor to escalate their privileges and execute arbitrary commands.
The vulnerability in Splunk Enterprise's External Lookups feature relates to the improper neutralization of special elements used in operating system commands. This occurs due to the use of data models for detecting unauthorized searches called SearchActivity. Exploiting this vulnerabili...
The vulnerability of the web printing function in the control systems for printing in PaperCut MF and PaperCut NG allows a violator to trigger a service failure.
The vulnerability of the web printing function in the control tools for printing in PaperCut MF and PaperCut NG is related to the failure to implement measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an attacker to cause servic...
A vulnerability in the cgi-bin/mainfunction.cgi/cvmcfgupload component of the DrayTek Vigor firmware allows a hacker to execute arbitrary code.
The vulnerability in the cgi-bin/mainfunction.cgi/cvmcfgupload component of the DrayTek Vigor router firmware exists due to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2024-6969 · Deepspeed · Deepspeed
Name of the Vulnerable Software and Affected Versions: DeepSpeed (affected versions not specified). Description: The issue is related to the DeepSpeed library, which is used for deep learning optimization. It is associated with the failure to neutralize special elements used in operating system...
PT-2024-6834 · Microsoft +1 · Visual Studio Code +1
Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified). Description: The issue is related to the failure to neutralize special elements used in operating system commands. This could allow a remote attacker to execute arbitrary code. Recommendation...
Elsight Halo Security Vulnerability
Elsight Halo is Elsight's drone operations management. A security vulnerability exists in Elsight Halo version 11.7.1.5 that stems from mishandling of special elements in operating system commands, resulting in OS command injection...
A vulnerability in the /view/DBManage/Backup_Server_commit.php script of the D-Link DAR-7000 and DAR-8000 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the /view/DBManage/Backup_Server_commit.php script of the D-Link DAR-7000 and DAR-8000 router firmware exists due to the failure to neutralize certain special elements used in operating system commands. Exploiting this vulnerability allow...
Nortek Control Linear eMerge E3-Series Security Vulnerability
The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in Nortek Control Linear eMerge E3-Series version 1.00-07 and...
A vulnerability in the cfGetPrinterAttributes5 function of the libcupsfilters library of the CUPS printing server allows an attacker to disclose protected information.
The vulnerability in the cfGetPrinterAttributes5 function of the libcupsfilters library of the CUPS printing server is related to the lack of measures taken to neutralize special elements used in OS commands. Exploiting this vulnerability may allow a malicious actor to disclose protected...
VulnCheck KEV: CVE-2020-3451
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more...
LangChain Code Issue Vulnerability
LangChain is a LangChain open source implementation of a locally hosted chatbot dedicated to answering questions via LangChain documents. LangChain suffers from a code issue vulnerability that stems from the FAISS.deserialize_from_bytes function's pickle deserialization of untrusted data, which...
CVE-2024-45697
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials...
A vulnerability in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN devices allows a hacker to execute arbitrary commands.
The vulnerability in the firmware of the Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN network devices exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...