7632 matches found
GO-2024-3286 Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes
Kubernetes kubelet arbitrary command execution in k8s.io/kubernetes...
The vulnerability of the Netgear DGN1000WW router’s built-in software, related to improper code generation, allows a hacker to execute arbitrary commands.
The vulnerability of the Netgear DGN1000WW router’s built-in software is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
TOTOLINK X6000R has an unspecified vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK X6000R, which stems from a failure to strictly filter the parameters of the UciSet Str function, and can be exploited by an attacker to execute arbitrary commands by...
AZL-53528 CVE-2024-10220 affecting package kubernetes for versions less than 1.30.3-1
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
AZL-53652 CVE-2024-10220 affecting package kubernetes for versions less than 1.28.4-14
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
UBUNTU-CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220 Arbitrary command execution through gitRepo volume
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220 Arbitrary command execution through gitRepo volume
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-10220
CVE-2024-10220 – Kubernetes kubelet command execution via gitRepo volumes . Affects kubelet up to version 1.28.11 and 1.29.0–1.29.6 and 1.30.0–1.30.2. The issue allows arbitrary command execution through specially crafted gitRepo volumes in kubelet. Root cause: path traversal in how gitRepo volum...
CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...
CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...
SUSE CVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...
D-LINK DI-8400 Remote Command Execution Vulnerability
The D-LINK DI-8400 is an American D-Link router device for home and small business network connectivity. Multiple remote command execution vulnerabilities exist in the mspinfohtm function in the D-LINK DI-8400 version v16.07.26A1 via the flag and cmd parameters. A remote attacker can exploit this...
QNAP Systems Notes Station 安全漏洞
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a command injection vulnerability, which stems from the application faili...
CVE-2024-52723
In TOTOLINK X6000R, affected firmware 9.4.0cu.1041_B20240224, the vulnerability stems from using the Uci_Set Str function in the shttpd file without strict parameter filtering. This can allow an attacker to craft a payload that leads to arbitrary command execution (remote, network-based access; n...
PT-2024-35418 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.1041 B20240224 Description: The issue arises from the use of the Uci Set function without strict parameter filtering in the shttpd file. This allows an attacker to achieve arbitrary command execution by...
CVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041B20240224 in the shttpd file, the UciSet Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload...