7638 matches found
Amazon Linux 2022 : openssl, openssl-devel, openssl-libs (ALAS2022-2022-123)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-123 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through...
CVE-2022-36640
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...
Dell SmartFabric storage software command injection vulnerability
Dell SmartFabric Storage Software is a stand-alone storage software solution from Dell USA. A command injection vulnerability exists in Dell SmartFabric storage software version 1.0.0, which arises from a failure of a network system or product to properly filter special characters, commands, etc...
Deserialization Of Untrusted Data
Apache Hadoop YARN Server is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in deserializeObject function in ZKConfigurationStore.java due to unsafe deserialization of data in ZooKeeper that is not being validated which allows an attacker to run arbitrary commands as YA...
Dell Container Storage Modules operating system command injection vulnerability
Dell Container Storage Modules is a set of modules from Dell USA. Dell Container Storage Modules version 1.2 contains an operating system command injection vulnerability, which stems from a failure to properly filter constructed command special characters, commands, etc. in the goiscsi and gobric...
Wavlink WL-WN575A3 operating system command injection vulnerability
WAVLINK WL-WN575A3 is a wireless network signal extender from China RuiYin Technology WAVLINK. An operating system command injection vulnerability exists in the Wavlink WL-WN575A3 RPT75A3.V4300.201217 version, which stems from a command injection vulnerability found when manipulating the adm.cgi...
CVE-2022-34919
CVE-2022-34919 affects Zengenti Contensis Classic before 15.2.1.79. The vulnerability lies in the file upload wizard, which does not properly verify that the user is authenticated, enabling a crafted aspx file to execute arbitrary commands. The issue is evidenced by public disclosures with a CVSS...
CVE-2022-30547
A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-30534
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
Directory traversal
A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
Command injection
An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
EUVD-2022-35638
An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-32572
CVE-2022-32572 affects WWBN AVideo 11.6 and dev master commit 3f7c0364, with an OS command injection in aVideoEncoder wget functionality. The root cause is unsanitized user-controlled downloadURL passed to wget, enabling arbitrary command execution when the URL is processed by the wget helper. TA...
CVE-2022-30547
CVE-2022-30547 affects WWBN AVideo 11.6 and dev master commit 3f7c0364. The unzipDirectory function unzips uploaded ZIPs without validating path traversal, allowing arbitrary code execution via crafted archives (e.g., files placed as ../shell.php). Talos confirms vulnerability in aVideoEncoder.un...