1763 matches found
CVE-2024-47219
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...
NebulaGraph 安全漏洞
NebulaGraph is a popular open source graphics database open sourced by vesoft. A security vulnerability exists in NebulaGraph version 3.8.0 that stems from allowing shell command injection...
CVE-2024-47219
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...
CVE-2024-47219
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...
PT-2024-32482 · Vesoft · Vesoft Nebulagraph
Name of the Vulnerable Software and Affected Versions: vesoft NebulaGraph versions through 3.8.0 Description: An issue was discovered in vesoft NebulaGraph that allows shell command injection. Recommendations: For versions through 3.8.0, update to a version later than 3.8.0 to resolve the issue. ...
Debian dla-3891 : libmariadb-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3891 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3891-1 [email protected] https://www.debian.org/lts/security/...
Dockwatch Remote Command Execution Exploit
Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...
CVE-2024-6091
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...
CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...
CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
AlmaLinux 9 : ghostscript (ALSA-2024:6197)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
ALSA-2024:6197 Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...
SequenceServer 安全漏洞
SequenceServer is an intuitive graphical web interface from the Yannick Wurm team. It is used to run BLAST bioinformatics tools. A security vulnerability exists in SequenceServer versions prior to 3.1.2 that stems from not properly cleaning up user input and query parameters, which could be...
PT-2024-29895 · Unknown · Sequenceserver
Name of the Vulnerable Software and Affected Versions: SequenceServer versions prior to 3.1.2 Description: The issue arises from several HTTP endpoints not properly sanitizing user input and/or query parameters, which could be exploited to inject and run unwanted shell commands. Recommendations:...
CVE-2024-3659
Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...
CVE-2024-3659
Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...
CVE-2024-3659 Command injection in KAON AR2140 routers
Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...
CVE-2024-3659
CVE-2024-3659 affects KAON AR2140 routers. Firmware versions prior to 3.2.50 and 4.2.16 are vulnerable to a shell command injection via a crafted request to specific endpoints. Exploitation requires access to the device’s administrative portal. Remediation: upgrade to 3.2.50+ or 4.2.16+ (per vend...