Lucene search

1819 matches found

Vulnrichment
added 2025/01/21 9:23 p.m. · 11 views

CVE-2025-23196 Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated...

AI score 8.9 · EPSS 0.0116
Exploits 0 · References 1

Positive Technologies
added 2025/01/21 12:0 a.m. · 4 views

PT-2025-4838 · Ambari · Ambari

Name of the Vulnerable Software and Affected Versions: Ambari affected versions not specified Description: A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when...

CVSS 8.8 · AI score 8.2 · EPSS 0.0116
Exploits 0 · References 9

Cvelist
added 2025/01/17 2:1 p.m. · 9 views

CVE-2024-13502 A command injection in the NTC2218, NTC2250, NTC2299 modems' web interfaces allows to execute arbitrary shell commands.

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The commitmulticast pa...

CVSS 9.3 · EPSS 0.00624
Exploits 0 · References 2

OSV
added 2025/01/16 9:15 a.m. · 1 views

CVE-2024-45331

An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1

NVD
added 2025/01/16 9:15 a.m. · 9 views

CVE-2024-45331

An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1...

CVSS 7.8 · EPSS 0.00202
Exploits 0 · References 1

Cvelist
added 2025/01/16 8:59 a.m. · 13 views

CVE-2024-45331

An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1...

CVSS 7.3 · EPSS 0.00202
Exploits 0 · References 1

OSV
added 2025/01/14 2:15 p.m. · 2 views

CVE-2024-33503

An improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of...

CVSS 7.8 · AI score 5.8 · EPSS 0.00211
Exploits 0 · References 1

Vulnrichment
added 2025/01/14 2:9 p.m. · 9 views

CVE-2024-33503

An improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of...

CVSS 6.7 · AI score 6.9 · EPSS 0.00211
Exploits 0 · References 1

Cvelist
added 2025/01/14 2:9 p.m. · 10 views

CVE-2024-33503

An improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of...

CVSS 6.7 · EPSS 0.00211
Exploits 0 · References 1

Positive Technologies
added 2025/01/14 12:0 a.m. · 3 views

PT-2025-2688 · Fortinet · Fortimanager +2

Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 6.4.0 through 6.4.15 Fortinet FortiAnalyzer versions 7.0.0 through 7.0.13 Fortinet FortiAnalyzer versions 7.2.0 through 7.2.5 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3 Fortinet FortiManager versions...

CVSS 7.8 · AI score 7.4 · EPSS 0.00202
Exploits 0 · References 8

CNNVD
added 2025/01/14 12:0 a.m. · 3 views

Fortinet FortiManager and FortiAnalyzer Security Vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...

CVSS 7.8 · AI score 7 · EPSS 0.00211
Exploits 0 · References 1

OSV
added 2024/11/29 11:58 a.m. · 4 views

OESA-2024-2496 perl-Module-ScanDeps security update

This module scans potential modules used by perl programs, and returns a hash reference; its keys are the module names as appears in %INC e.g. Test/More.pm; the values are hash references. Security Fixes: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps,...

CVSS 7.8 · AI score 7.4 · EPSS 0.08598
Exploits 3 · References 2

BDU FSTEC
added 2024/11/22 12:0 a.m. · 3 views

The vulnerability of the needrestart utility, which stems from the failure to take measures to neutralize special elements used in the operating system’s command line, allows a malicious user to execute arbitrary shell commands with root privileges.

The vulnerability of the needrestart utility is related to the failure to take measures to neutralize special elements used in the operating system’s command syntax. Exploiting this vulnerability allows an attacker to execute arbitrary shell commands with root privileges...

CVSS 7.8 · AI score 7.9 · EPSS 0.11542
Exploits 2 · References 8 · Affected Software 4

RedhatCVE
added 2024/11/20 12:20 a.m. · 37 views

CVE-2024-10224

A flaw was found in the Module-ScanDeps package. Due to the handling of unsanitized input, a local attacker can execute arbitrary shell commands or potentially escalate privileges on the host...

CVSS 5.3 · AI score 7.3 · EPSS 0.08598
Exploits 3 · References 5

OSV
added 2024/11/19 6:15 p.m. · 21 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

CVSS 7.8 · AI score 7.8 · EPSS 0.08598
Exploits 3 · References 7

NVD
added 2024/11/19 6:15 p.m. · 30 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

CVSS 7.8 · EPSS 0.11542
Exploits 2 · References 7

NVD
added 2024/11/19 6:15 p.m. · 13 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

CVSS 7.8 · EPSS 0.08598
Exploits 3 · References 7

CVE
added 2024/11/19 5:36 p.m. · 101 views

CVE-2024-11003

Qualys-identified vulnerability in needrestart (before version 3.8): unsanitized input passed to Modules::ScanDeps can allow a local user to run arbitrary shell commands. The root cause is unsafe data handling by needrestart feeding Modules::ScanDeps, enabling command execution on the host with l...

CVSS 7.8 · AI score 5.9 · EPSS 0.11542
Exploits 2 · References 7 · Affected Software 1

Vulnrichment
added 2024/11/19 5:36 p.m. · 15 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

CVSS 7.8 · AI score 7.5 · EPSS 0.11542
Exploits 2 · References 4

Cvelist
added 2024/11/19 5:36 p.m. · 28 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

CVSS 7.8 · EPSS 0.11542
Exploits 2 · References 4