[SECURITY] [DLA 4047-1] sssd security update

Debian LTS Advisory DLA-4047-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 09, 2025 https://wiki.debian.org/LTS Package : sssd Version : 2.4.1-2+deb11u1 CVE ID : CVE-2021-3621 CVE-2023-3758 Debian Bug : 992710 1070369 Vulnerabilities were found in sssd...

CVE-2024-42360

SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...

CVE-2024-42502

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system...

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

ABB Cylon Aspect 3.08.01 (servicesUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

NebulaGraph 安全漏洞

NebulaGraph is a popular open source graphics database open sourced by vesoft. A security vulnerability exists in NebulaGraph version 3.8.0 that stems from allowing shell command injection...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

PT-2024-32482 · Vesoft · Vesoft Nebulagraph

Name of the Vulnerable Software and Affected Versions: vesoft NebulaGraph versions through 3.8.0 Description: An issue was discovered in vesoft NebulaGraph that allows shell command injection. Recommendations: For versions through 3.8.0, update to a version later than 3.8.0 to resolve the issue. ...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

Dockwatch Remote Command Execution Exploit

Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...

SequenceServer 安全漏洞

SequenceServer is an intuitive graphical web interface from the Yannick Wurm team. It is used to run BLAST bioinformatics tools. A security vulnerability exists in SequenceServer versions prior to 3.1.2 that stems from not properly cleaning up user input and query parameters, which could be...

PT-2024-29895 · Unknown · Sequenceserver

Name of the Vulnerable Software and Affected Versions: SequenceServer versions prior to 3.1.2 Description: The issue arises from several HTTP endpoints not properly sanitizing user input and/or query parameters, which could be exploited to inject and run unwanted shell commands. Recommendations:...

CVE-2024-3659

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...

CVE-2024-3659

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...

CVE-2024-3659

CVE-2024-3659 affects KAON AR2140 routers. Firmware versions prior to 3.2.50 and 4.2.16 are vulnerable to a shell command injection via a crafted request to specific endpoints. Exploitation requires access to the device’s administrative portal. Remediation: upgrade to 3.2.50+ or 4.2.16+ (per vend...

KAON AR2140 安全漏洞

The KAON AR2140 is a wireless router from KAON. A security vulnerability exists in the KAON AR2140 version 4.2.16 and prior versions, which stems from the router firmware being susceptible to shell command injection attacks...

Exploit for CVE-2024-44610

CVE-2024-44610: PEAK PCAN-Ethernet Gateway FD DR Authenticated...

CVE-2024-3799 Shell command injection in Phoniebox

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...