
1763 matches found

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-2688 · Fortinet · Fortimanager +2

Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 6.4.15; Fortinet FortiAnalyzer versions 7.0.0 through 7.0.13; Fortinet FortiAnalyzer versions 7.2.0 through 7.2.5; Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3; Fortinet FortiManager versions...

7.8 CVSS · 7.4 AI score · 0.00135 EPSS
Exploits 0 · References 8
OSV
added 2024/11/29 11:58 a.m. · 1 view

OESA-2024-2496 perl-Module-ScanDeps security update

This module scans potential modules used by perl programs, and returns a hash reference; its keys are the module names as they appear in %INC (e.g. Test/More.pm); the values are hash references. Security Fixes: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps,...

7.8 CVSS · 7.4 AI score · 0.00632 EPSS
Exploits 3 · References 2
RedhatCVE
added 2024/11/20 12:20 a.m. · 34 views

CVE-2024-10224

A flaw was found in the Module-ScanDeps package. Due to the handling of unsanitized input, a local attacker can execute arbitrary shell commands or potentially escalate privileges on the host...

5.3 CVSS · 7.3 AI score · 0.00632 EPSS
Exploits 3 · References 5
NVD
added 2024/11/19 6:15 p.m. · 28 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

7.8 CVSS · 0.08474 EPSS
Exploits 2 · References 7
NVD
added 2024/11/19 6:15 p.m. · 10 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS · 0.00632 EPSS
Exploits 3 · References 7
OSV
added 2024/11/19 6:15 p.m. · 19 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS · 7.8 AI score · 0.00632 EPSS
Exploits 3 · References 7
Cvelist
added 2024/11/19 5:36 p.m. · 25 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

7.8 CVSS · 0.08474 EPSS
Exploits 2 · References 4
Vulnrichment
added 2024/11/19 5:36 p.m. · 14 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

7.8 CVSS · 7.5 AI score · 0.08474 EPSS
Exploits 2 · References 4
CVE
added 2024/11/19 5:36 p.m. · 92 views

CVE-2024-11003

Qualys-identified vulnerability in needrestart (before version 3.8): unsanitized input passed to Modules::ScanDeps can allow a local user to run arbitrary shell commands. The root cause is unsafe data handling by needrestart feeding Modules::ScanDeps, enabling command execution on the host with l...

7.8 CVSS · 5.9 AI score · 0.08474 EPSS
Exploits 2 · References 7 · Affected Software 1
Debian CVE
added 2024/11/19 5:36 p.m. · 27 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

7.8 CVSS · 8.4 AI score · 0.08474 EPSS
Exploits 2
Debian CVE
added 2024/11/19 5:35 p.m. · 15 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS · 7.6 AI score · 0.00632 EPSS
Exploits 3
AlpineLinux
added 2024/11/19 5:35 p.m. · 11 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS · 7.5 AI score · 0.00632 EPSS
Exploits 3
CVE
added 2024/11/19 5:35 p.m. · 107 views

CVE-2024-10224

Qualys reports CVE-2024-10224 affects perl-Module-ScanDeps prior to 1.36, where unsanitized input could allow local command execution via open() of a pipe or by eval(). Remediations shown in connected advisories include updating to 1.36+ (examples show 1.37+ in Amazon Linux 2023/AL2023 and other ...

7.8 CVSS · 6.7 AI score · 0.00632 EPSS
Exploits 3 · References 7 · Affected Software 1
Cvelist
added 2024/11/19 5:35 p.m. · 23 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

5.3 CVSS · 0.00632 EPSS
Exploits 3 · References 3
Vulnrichment
added 2024/11/19 5:35 p.m. · 20 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

5.3 CVSS · 7.8 AI score · 0.00632 EPSS
Exploits 3 · References 3
CNNVD
added 2024/11/19 12:0 a.m. · 1 view

Module-ScanDeps Permissions, Privileges, and Access Control Vulnerability

Module-ScanDeps is an application by Roderich Schupp Personal Developer. A security vulnerability exists in Module-ScanDeps versions prior to 1.36 that stems from improper input validation, which could lead to a local attacker executing arbitrary shell commands by opening a pesky pipe or passing ...

7.8 CVSS · 6.8 AI score · 0.00632 EPSS
Exploits 3 · References 9
OSV
added 2024/11/14 5:37 p.m. · 1 view

CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

7.7 CVSS · 8.3 AI score · 0.01727 EPSS
Exploits 1 · References 3
GithubExploit
added 2024/10/24 3:15 a.m. · 180 views

Exploit for Command Injection in Netgate Pfsense

pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...

8.8 CVSS · 9.3 AI score · 0.84797 EPSS
Exploits 2
0day.today
added 2024/10/22 12:0 a.m. · 126 views

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection Vulnerability

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script. ABB Cylon Aspect 3.08.01...

8.7 AI score
Exploits 0
NVD
added 2024/10/21 9:15 p.m. · 13 views

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

9.1 CVSS · 0.04835 EPSS
Exploits 1 · References 2