986 matches found
Buffer overflow
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Buffer overflow
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Buffer overflow
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Buffer overflow
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Buffer overflow
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
Buffer overflow
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...
PT-2025-54166
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The amd pmc stb debugfs open v2 function may be called when the STB debug mechanism is enabled. If amd pmc send cmd fails, the buf is not released, leading to a memory leak...
CVE-2022-43396 Apache Kylin: Command injection by Useless configuration
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf...
Apache Kylin 安全漏洞
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. kylin has a command injection vulnerability, the vulnerability stems fr...
PT-2022-6832 · Ce805M · Ce805M
Name of the Vulnerable Software and Affected Versions: CE805M affected versions not specified Description: The issue is related to the incorrect management of code generation in the CMD W REG command handler of the CE A protocol implementation in the CE805M data collection and transmission device...
PT-2022-36293 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.6 through v5.10.155 Description: A memory leak issue was discovered in the Linux Kernel, specifically in the test gen synth cmd and test empty synth event functions. The actual impact and attack plausibility of this...
CVE-2022-4232
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to...
CVE-2022-4232
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to...
CVE-2022-4232 SourceCodester Event Registration System unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to...
PT-2022-26365 · Sourcecodester · Sourcecodester Event Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A critical issue was found, allowing for unrestricted upload through the manipulation of the cmd argument. This can be exploited remotely. Recommendations: For version 1.0,...
SUSE SLES12: kernel-livepatch-4_12_14-150100_197_111-default / etc (SUSE-SU-2022:4112-1)
The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4112-1 advisory. This update for the Linux Kernel 4.12.14-122103 fixes several issues. The following security issues were fixed: - CVE-2021-33655: Fixe...
trace-cmd bug fix and enhancement update
An update is available for trace-cmd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9....
CVE-2022-41716 Unsanitized NUL in environment variables on Windows in syscall and os/exec
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...
go -- syscall, os/exec: unsanitized NUL in environment variables
The Go project reports: syscall, os/exec: unsanitized NUL in environment variables On Windows, syscall.StartProcess and os/exec.Cmd did not properly check for invalid environment variable values. A malicious environment variable value could exploit this behavior to set a value for a different...
Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5652-1)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5652-1 advisory. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-...