Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-7018-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7018-1 advisory. Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and...
CVE-2024-8957
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...
CVE-2024-8957 PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...
CVE-2024-5998
A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product...
CVE-2024-45496
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An...
PT-2024-37303 · Langchain Ai · Langchain
Name of the Vulnerable Software and Affected Versions: langchain-ai/langchain versions prior to 0.2.4 Description: A vulnerability in the FAISS.deserialize_from_bytes function allows for pickle deserialization of untrusted data, which can lead to the execution of arbitrary commands via the...
CVE-2024-45496
CVE-2024-45496 is an OpenShift Controller Manager issue describing elevated privileges in the build process. The root cause is the git-clone container running with a privileged security context during build initialization, allowing a crafted .gitconfig to execute commands during cloning...
A vulnerability in the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches allows an attacker to execute arbitrary commands.
The vulnerability in the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches is related to insufficient spatial separation. Exploiting this vulnerability could allow an attacker to execute arbitrary commands in the underlying operating system...
Tenda FH451 Command Injection Vulnerability
The Tenda FH451 is a router from the Chinese company Tenda. The Tenda FH451 suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system by sending a specially crafted request...
A vulnerability in the Bash command shell of the Cisco NX-OS operating system for Cisco Nexus 3000 and Nexus 9000 switches allows an attacker to execute arbitrary commands.
The vulnerability in the Bash command shell of the Cisco NX-OS operating system for Cisco Nexus 3000 and Nexus 9000 switches is related to the absence of authentication. Exploiting this vulnerability allows an attacker to execute arbitrary commands in the underlying operating system...
A vulnerability in the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches allows an attacker to execute arbitrary commands.
The vulnerability in the Python interpreter of the Cisco NX-OS operating system for Cisco Nexus switches is related to a breach in the data protection mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands in the underlying operating system...
Fortinet FortiClientEMS Command Injection Vulnerability
FortiClientEMS is part of the endpoint management solution from Fortinet, a U.S.-based company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. A command injection vulnerability...
D-Link DI-8300 upgrade_filter_asp Function Command Injection Vulnerability
The D-Link DI-8300 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A command injection vulnerability exists in the D-Link DI-8300 version v16.07.26A1, which stems from the upgrade_filter_asp function failing to properly filter constructor...
D-Link DI-8300 msp_info_htm Function Command Injection Vulnerability
The D-Link DI-8300 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A command injection vulnerability exists in the D-Link DI-8300 version v16.07.26A1, which stems from the msp_info_htm function failing to properly filter construct command...
A vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN network devices allows an attacker to execute arbitrary commands.
The vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN network devices is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability...
Improper Encoding (Escaping Of Output)
Apache Airflow is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to the example DAG example_inlet_event_extra.py allowing authenticated attackers with DAG trigger permissions to execute arbitrary commands...
D-Link DI-8300 Security Vulnerability
The D-Link DI-8300 is a wireless broadband router designed for small to medium-sized network environments from China's D-Link. A command injection vulnerability exists in the D-Link DI-8300 version v16.07.26A1, which stems from the msp_info_htm function failing to properly filter construct command...
D-Link DI-8100G Command Injection Vulnerability
D-Link DI-8100G is a broadband router designed for small and medium-sized network environments, supporting multi-line bandwidth overlay, PPPoE/WEB authentication billing, intelligent traffic control, Internet behavior management and other functions. The D-Link DI-8100G suffers from a command...