Lucene search

19616 matches found

Vulnrichment
added 2024/12/10 4:27 p.m., 10 views

CVE-2024-55547 Remote Command Execution via SNMP

SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e...

CVSS: 9.3, AI score: 7.3, EPSS: 0.1694
Exploits: 0, References: 1

OSV
added 2024/12/10 11:15 a.m., 4 views

CVE-2024-47977

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00626
Exploits: 0, References: 1

OSV
added 2024/12/10 11:15 a.m., 5 views

CVE-2024-47484

Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this...

CVSS: 9.8, AI score: 5.9
Exploits: 0, References: 1

CNNVD
added 2024/12/10 12:0 a.m., 5 views

Image Access Scan2Net security vulnerability

Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from improper cleaning of the HTTP GET parameter data, which allows an attacker to acce...

CVSS: 7.3, AI score: 7, EPSS: 0.00883
Exploits: 0, References: 2

NVD
added 2024/12/09 3:15 a.m., 12 views

CVE-2024-55580

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, Ma...

CVSS: 7.5, EPSS: 0.0033
Exploits: 0, References: 1

OSV
added 2024/12/09 1:15 a.m., 1 view

CVE-2024-12350

A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...

CVSS: 8.8, AI score: 5.6, EPSS: 0.03566
Exploits: 1, References: 4

CNNVD
added 2024/12/09 12:0 a.m., 2 views

Qlik Sense security vulnerability

Qlik Sense is an application from Qlik, Inc. that allows users to create visualizations, charts, interactive dashboards, and analytical applications for local and offline use. A security vulnerability exists in Qlik Sense Enterprise for Windows prior to November 2024 IR, which originates from a...

CVSS: 7.5, AI score: 6.3, EPSS: 0.0033
Exploits: 0, References: 2

Cvelist
added 2024/12/09 12:0 a.m., 16 views

CVE-2024-55580

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, Ma...

CVSS: 7.5, EPSS: 0.0033
Exploits: 0, References: 1

CVE
added 2024/12/09 12:0 a.m., 91 views

CVE-2024-55580

CVE-2024-55580 affects Qlik Sense Enterprise for Windows prior to November 2024 IR. An unprivileged user with network access can cause remote command execution and potentially compromise availability, integrity, and confidentiality due to issues in handling connection objects and input processing...

CVSS: 7.5, AI score: 7.6, EPSS: 0.0033
Exploits: 0, References: 1

BDU FSTEC
added 2024/12/09 12:0 a.m., 5 views

The vulnerability of the command-line interface (CLI) of the Instant AOS-8 and AOS-10 operating systems, which allows a hacker to execute arbitrary commands

The vulnerability of the command-line interface CLI of the Instant AOS-8 and AOS-10 operating systems is related to the lack of restrictions on the loading of files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9, AI score: 8.4, EPSS: 0.01161
Exploits: 0, References: 4, Affected Software: 2

BDU FSTEC
added 2024/12/09 12:0 a.m., 3 views

The vulnerability of the command-line interface (CLI) of the Instant AOS-8 and AOS-10 operating systems, which allows a hacker to execute arbitrary commands

The vulnerability of the command-line interface CLI of the Instant AOS-8 and AOS-10 operating systems is related to the lack of restrictions on the loading of files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9, AI score: 8.4, EPSS: 0.01161
Exploits: 0, References: 4, Affected Software: 2

BDU FSTEC
added 2024/12/09 12:0 a.m., 6 views

The vulnerability of the QuTS operating systems and QTS network devices from Qnap arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the QuTS operating systems and QTS network devices involves the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 10, AI score: 5.9, EPSS: 0.01293
Exploits: 0, References: 2

OSV
added 2024/12/06 5:15 p.m., 3 views

CVE-2024-50393

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and...

CVSS: 9.8, AI score: 6
Exploits: 0, References: 1

OSV
added 2024/12/06 5:15 p.m., 2 views

CVE-2024-50388

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVSS: 9.8, AI score: 7.6, EPSS: 0.02268
Exploits: 0, References: 1

CVE
added 2024/12/06 4:36 p.m., 95 views

CVE-2024-50393

CVE-2024-50393 is a command-injection vulnerability reported to affect QNAP QTS and QuTS hero OS families. The issue may allow remote attackers to execute arbitrary commands via network access, with a low attack complexity and no privileges required, potentially impacting confidentiality, integri...

CVSS: 9.8, AI score: 7.8, EPSS: 0.01293
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/12/06 4:36 p.m., 26 views

CVE-2024-50393 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and...

CVSS: 8.7, EPSS: 0.01293
Exploits: 0, References: 1

Vulnrichment
added 2024/12/06 4:36 p.m., 18 views

CVE-2024-50393 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and...

CVSS: 8.7, AI score: 8.1, EPSS: 0.01293
Exploits: 0, References: 1

CVE
added 2024/12/06 4:35 p.m., 72 views

CVE-2024-50388

CVE-2024-50388 is an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. The vulnerability could allow remote code execution; affected versions include prior to 25.1.1.673, with fixes in 25.1.1.673 and later. Public disclosures in multiple feeds corroborate remote-command execu...

CVSS: 9.8, AI score: 7.5, EPSS: 0.02268
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/12/06 4:35 p.m., 19 views

CVE-2024-50388 HBS 3 Hybrid Backup Sync

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later...

CVSS: 9.5, AI score: 7.8, EPSS: 0.02268
Exploits: 0, References: 1

NVD
added 2024/12/05 10:31 a.m., 18 views

CVE-2024-47133

UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands...

CVSS: 7.2, EPSS: 0.00886
Exploits: 0, References: 2