144 matches found
Versa Director 命令注入漏洞
Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A command injection vulnerability exists in Versa Director, which stems from a failure to make valid...
GHSA-XFXF-QW26-HR33 Arbitrary command execution in roar-pidusage
This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without inpu...
Cisco Firepower Threat Defense Command Injection Vulnerability
Cisco Firepower Threat Defense FTD is unified software that provides next-generation firewall services. A command injection vulnerability exists in the CLI of Cisco Firepower Threat Defense, which can be exploited by an attacker to execute commands with root privileges on the underlying operating...
CVE-2021-23375
This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23379
This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
CVE-2021-23378
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...
MGASA-2021-0108 Updated openssl and compat-openssl10 packages fix security vulnerabilities
Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service CVE-2021-23840. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...
Denial Of Service (DoS)
github.com/russellhaering/gosaml2 is vulnerable to denial of service. A NULL pointer dereference allows an attacker to crash the application via a malicious input...
CVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...
Remote code execution
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker...
CVE-2020-13756
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or getSelectorsBySpecificity is called with input from an attacker. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
CVE-2019-15598
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
xterm.js: Mishandling of special characters allows for remote code execution
It was found that xterm.js does not sanitize terminal escape sequences in browser terminals allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with a xterm.js browser terminal to display an escape sequence by, for example, reading a from a log file...
CVE-2018-3836
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that pass...
GHSA-WH4H-V3F2-R2PP Uncontrolled Memory Consumption in Django
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
PYSEC-2019-88
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
PYSEC-2019-18
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
ALPINE-CVE-2019-6975
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
PYSEC-2019-18
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format function...
Joomla! 3.0.x < 3.7.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A flaw exists in the JMail API due to PHPMail version information being included in mail headers. An unauthenticated, remote attacker can exploit this to disclose sensitive...