65 matches found
EUVD-2024-3341
Malicious code in bioql PyPI...
EUVD-2025-28570
Malicious code in bioql PyPI...
EUVD-2022-4041
Malicious code in bioql PyPI...
CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions
In a hardened Docker environment, with Enhanced Container Isolation ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ enabled, an administrator can utilize the command restrictions feature...
Linux Distros Unpatched Vulnerability : CVE-2022-42717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configure...
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...
[SECURITY] Fedora 41 Update: sudo-1.9.17-2.p1.fc41
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
CVE-2023-1862
Cloudflare WARP client for Windows up to v2023.3.381.0 allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining...
CVE-2021-33885
An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of...
CVE-2020-26606
An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 October 2020...
CVE-2024-49202
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0...
CVE-2024-20424
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...
PT-2024-7340 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: The issue exists due to the lack of proper sanitization of CLI input, allowing an attacker to execute arbitrary commands as the root user by...
UBUNTU-CVE-2024-45044
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation i.e. "w" for "whoami" the ACL check did not apply to the full form i.e. "whoami" but to the abbreviated...
PT-2024-31395 · Bareos · Bareos
Name of the Vulnerable Software and Affected Versions: Bareos versions prior to 21.1.11 Bareos versions prior to 22.1.6 Bareos versions prior to 23.0.4 Description: The issue concerns the command ACL in Bareos, where command restrictions can be bypassed using abbreviations. When a command ACL is ...
SolarWinds Web Help Desk 代码问题漏洞
SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A code issue vulnerability exists in SolarWinds Web Help Desk 12.8.3 and...
USN-6714-1 debian-goodies vulnerability
It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...
CVE-2024-27356
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300,...
Indu-Sol PROFINET-INspektor NT Security Vulnerability
The Indu-Sol PROFINET-INspektor NT is an analysis and test set for PROFINET communication verification, acceptance, quality checking and monitoring from Indu-Sol, Germany. A security vulnerability exists in Indu-Sol PROFINET-INspektor NT version 2.4.0 and earlier, which stems from a command...
EC-WEB FS-EZViewer SQL Injection Vulnerability
EC-WEB FS-EZViewer is an online document viewing application. EC-WEB FS-EZViewer suffers from a SQL injection vulnerability that stems from a lack of proper restrictions on user input. A remote attacker could use this vulnerability to inject SQL commands to read, modify, and delete database recor...