Lucene search
K

144 matches found

CNNVD
CNNVD
added 2021/05/26 12:0 a.m.4 views

Versa Director 命令注入漏洞

Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A command injection vulnerability exists in Versa Director, which stems from a failure to make valid...

10CVSS8.4AI score0.02713EPSS
Exploits0References1
OSV
OSV
added 2021/05/06 3:55 p.m.4 views

GHSA-XFXF-QW26-HR33 Arbitrary command execution in roar-pidusage

This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without inpu...

5.6CVSS7.3AI score0.01151EPSS
Exploits1References4
CNVD
CNVD
added 2021/04/29 12:0 a.m.7 views

Cisco Firepower Threat Defense Command Injection Vulnerability

Cisco Firepower Threat Defense FTD is unified software that provides next-generation firewall services. A command injection vulnerability exists in the CLI of Cisco Firepower Threat Defense, which can be exploited by an attacker to execute commands with root privileges on the underlying operating...

7.8CVSS7.6AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2021/04/18 7:15 p.m.4 views

CVE-2021-23375

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS6AI score0.01336EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/04/18 6:40 p.m.4 views

CVE-2021-23379

This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01336EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/04/18 6:39 p.m.3 views

CVE-2021-23378

This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS5.8AI score0.01943EPSS
Exploits1References3
OSV
OSV
added 2021/03/04 4:53 p.m.8 views

MGASA-2021-0108 Updated openssl and compat-openssl10 packages fix security vulnerabilities

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service CVE-2021-23840. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...

7.5CVSS6.7AI score0.50732EPSS
Exploits0References4
Veracode
Veracode
added 2020/11/06 6:29 a.m.13 views

Denial Of Service (DoS)

github.com/russellhaering/gosaml2 is vulnerable to denial of service. A NULL pointer dereference allows an attacker to crash the application via a malicious input...

7.5CVSS4.2AI score0.01662EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/06/03 2:15 p.m.19 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

9.8CVSS8.2AI score
Exploits0References5
Prion
Prion
added 2020/06/03 2:15 p.m.19 views

Remote code execution

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...

7.5CVSS9.8AI score0.55084EPSS
Exploits4References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/06/03 12:0 a.m.99 views

CVE-2020-13756

Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...

9.8CVSS5.8AI score0.55084EPSS
In wildExploits4References5
NVD
NVD
added 2019/12/18 9:15 p.m.16 views

CVE-2019-15598

A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

9.8CVSS9.8AI score0.02742EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/06/10 4:56 p.m.7 views

xterm.js: Mishandling of special characters allows for remote code execution

It was found that xterm.js does not sanitize terminal escape sequences in browser terminals allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with a xterm.js browser terminal to display an escape sequence by, for example, reading a from a log file...

8.8CVSS6AI score0.03178EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/05/14 12:8 p.m.26 views

CVE-2018-3836

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...

7.8CVSS4.6AI score0.01452EPSS
Exploits1References2
OSV
OSV
added 2019/02/12 3:36 p.m.3 views

GHSA-WH4H-V3F2-R2PP Uncontrolled Memory Consumption in Django

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

8.7CVSS6.8AI score0.05399EPSS
Exploits0References17
OSV
OSV
added 2019/02/11 1:29 p.m.4 views

PYSEC-2019-88

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

5.9AI score
Exploits0References10
OSV
OSV
added 2019/02/11 1:29 p.m.5 views

PYSEC-2019-18

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

7.5CVSS6.8AI score0.05399EPSS
Exploits0References11
OSV
OSV
added 2019/02/11 1:29 p.m.3 views

ALPINE-CVE-2019-6975

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

7.5CVSS7AI score0.05399EPSS
Exploits0References1
PyPA
PyPA
added 2019/02/11 1:29 p.m.10 views

PYSEC-2019-18

Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...

7.5CVSS6.9AI score0.05399EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.23 views

Joomla! 3.0.x < 3.7.0 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A flaw exists in the JMail API due to PHPMail version information being included in mail headers. An unauthenticated, remote attacker can exploit this to disclose sensitive...

6.5CVSS6.5AI score0.01333EPSS
Exploits2References13
Rows per page
Query Builder