Lucene search
K

415 matches found

NVD
NVD
added 2024/09/10 8:15 p.m.46 views

CVE-2024-8504

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective...

8.8CVSS0.75384EPSS
Exploits7References3
CVE
CVE
added 2024/09/10 7:23 p.m.140 views

CVE-2024-8504

CVE-2024-8504 is an authenticated Remote Code Execution in VICIdial (v2.14-917a) via OS command injection. An attacker with agent-level access can run commands as root; the issue can be chained with CVE-2024-8503 (unauthenticated SQLi) to escalate from unauthenticated context. Public sources conf...

8.8CVSS9.4AI score0.75384EPSS
Exploits7References3
RedHat Linux
RedHat Linux
added 2024/09/09 6:33 p.m.8 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

9.8CVSS5.8AI score0.01312EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/08/22 12:0 a.m.66 views

Ubuntu 14.04 LTS / 16.04 LTS : XStream vulnerabilities (USN-6978-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6978-1 advisory. It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue ...

9.9CVSS7.4AI score0.85001EPSS
Exploits21References16
RedHat Linux
RedHat Linux
added 2024/08/01 8:10 a.m.7 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

9.8CVSS5.8AI score0.01312EPSS
Exploits0References5
NVD
NVD
added 2024/06/21 8:15 p.m.36 views

CVE-2023-39517

Joplin is a free, open source note taking and to-do application. A Cross site scripting XSS vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

8.2CVSS0.00476EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/06/21 7:41 p.m.37 views

CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin

Joplin is a free, open source note taking and to-do application. A Cross site scripting XSS vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

8.2CVSS0.00476EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.5 views

Joplin Security Vulnerabilities

Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin versions prior to 2.13.3. An attacker can exploit the vulnerability to execute arbitrary shell commands...

9CVSS7.3AI score0.01028EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/06/21 12:0 a.m.4 views

Joplin Security Vulnerabilities

Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin versions prior to 2.12.8. An attacker can exploit the vulnerability to execute arbitrary shell commands...

8.2CVSS7.3AI score0.00476EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.7 views

Auto-GPT Operating System Command Injection Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 up to and including version 5.1.0, which stems from an improper neutralization of special elements used in...

9.8CVSS8.1AI score0.01427EPSS
Exploits0References3
Veracode
Veracode
added 2024/05/31 4:46 a.m.13 views

Command Injection

swiftmailer/swiftmailer is vulnerable to Command Injection. The vulnerability is due to improper handling of the "From" header when it comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands...

7.8AI score
Exploits0
NVD
NVD
added 2024/04/22 3:15 p.m.28 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

6.1CVSS6.9AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2024/04/22 3:15 p.m.24 views

CVE-2023-38290

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...

7.8CVSS7.1AI score0.00192EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.16 views

CVE-2023-38290

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...

7.4AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/22 12:0 a.m.5 views

com.evenwell.fqc 安全漏洞

com.evenwell.fqc is a component. A security vulnerability exists in com.evenwell.fqc, which arises from the fact that certain software versions of the device contain a vulnerable pre-installed application com.evenwell.fqc that allows a native third-party application to execute arbitrary shell...

7.8CVSS7.5AI score0.00192EPSS
Exploits0References2
CVE
CVE
added 2024/04/22 12:0 a.m.58 views

CVE-2023-38290

CVE-2023-38290 affects BLU View 2 and Sharp Rouvo V Android devices due to a vulnerable pre-installed com.evenwell.fqc app. The issue: inadequate access control lets local third-party apps execute arbitrary shell commands in the app’s system context without special permissions, enabling actions s...

7.8CVSS7.3AI score0.00192EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.30 views

CVE-2023-38290

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...

7.3AI score0.00192EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/04/19 12:0 a.m.25 views

Fedora 38 : rust (2024-bbb141c1ed)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bbb141c1ed advisory. Security fix for CVE-2024-24576 Windows command injection Tenable has extracted the preceding description block directly from the Fedora security...

10CVSS8.1AI score0.20342EPSS
Exploits10References2
CVE
CVE
added 2024/04/09 5:28 p.m.188 views

CVE-2024-24576

CVE-2024-24576 affects Rust’s standard library on Windows where Command::arg/args escaping for batch files was not thorough enough. This could allow arbitrary shell commands when untrusted input is passed to batch file invocations via cmd.exe, enabling LPE/RCE scenarios as described in PoC and pu...

10CVSS8.9AI score0.20342EPSS
Exploits10References13Affected Software1
Cvelist
Cvelist
added 2024/04/09 5:28 p.m.28 views

CVE-2024-24576 Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

10CVSS9.9AI score0.20342EPSS
Exploits10References12
Rows per page
Query Builder