Lucene search
K

174 matches found

Debian
Debian
added 2024/03/25 12:47 p.m.29 views

[SECURITY] [DLA 3773-1] freeipa security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3773-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 25, 2024 https://wiki.debian.org/LTS -...

5.3CVSS5.3AI score0.0111EPSS
Exploits1
CNNVD
CNNVD
added 2023/08/09 12:0 a.m.17 views

Paessler PRTG Network Monitor Command Injection Vulnerability

Paessler PRTG Network Monitor is a full-featured network monitoring and management software from Paessler, Germany. A command injection vulnerability exists in Paessler PRTG Network Monitor version 23.2.83.1760, which stems from command line parameter injection and undocumented debug feature flag...

7.2CVSS7.7AI score0.12342EPSS
Exploits3References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/05/05 5:0 a.m.31 views

Bullied by Bugcrowd over Kape CyberGhost disclosure

TL;DR The CyberGhost VPN client suffers from an elevation of privilege vulnerability and is filed under CVE-2023-30237. A specially crafted JSON payload sent to the CyberGhost RPC service can lead to command line injection when the OpenVPN process is launched, leading to full system compromise. T...

4.3CVSS8.3AI score0.00401EPSS
Exploits1
Prion
Prion
added 2023/04/16 12:15 a.m.12 views

Remote code execution

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution...

6.4CVSS7.2AI score0.01569EPSS
Exploits1References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.6 views

SUSE CVE-2018-1002101

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection...

9.8CVSS7.1AI score0.04107EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.7 views

SwiftTerm 安全漏洞

SwiftTerm is a VT100/Xterm terminal emulator library for Swift applications from the individual developer Miguel de Icaza. SwiftTerm suffers from a security vulnerability that stems from the fact that an attacker can modify the window title with a specific character escape sequence and then inser...

7.8CVSS7.7AI score0.0043EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/09/30 4:29 a.m.30 views

NuProcess vulnerable to command-line injection through insertion of NUL character(s)

Impact In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in...

9.8CVSS9.2AI score0.01177EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/09/26 2:15 p.m.101 views

UBUNTU-CVE-2022-39243

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

9.8CVSS6AI score0.01177EPSS
Exploits1References5
Prion
Prion
added 2022/09/26 2:15 p.m.15 views

Design/Logic Flaw

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

7.5CVSS9.7AI score0.01177EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/26 1:25 p.m.6 views

CVE-2022-39243 NuProcess vulnerable to command-line injection through insertion of NUL character(s)

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

8.4CVSS9.9AI score0.01177EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/09/26 1:25 p.m.61 views

CVE-2022-39243 NuProcess vulnerable to command-line injection through insertion of NUL character(s)

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

8.4CVSS10AI score0.01177EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/09/26 12:0 a.m.4 views

PT-2022-24837 · Nuprocess · Nuprocess

Name of the Vulnerable Software and Affected Versions: NuProcess versions 1.2.0 through 2.0.4 Description: NuProcess is an external process execution implementation for Java that is vulnerable to command line injection attacks. Attackers can use NUL characters in their strings to inject command...

9.8CVSS9.3AI score0.01177EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2022/08/31 2:55 p.m.5 views

CVE-2022-36035 Flux CLI Workload Injection

Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...

7.7CVSS7.8AI score0.00306EPSS
Exploits0References2
CNVD
CNVD
added 2022/04/20 12:0 a.m.48 views

ThoughtWorks GoCD Information Disclosure Vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...

7.5CVSS1.6AI score0.28039EPSS
Exploits2References1
OSV
OSV
added 2022/04/14 1:15 p.m.20 views

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

8.8CVSS7.7AI score
Exploits0References4
Cvelist
Cvelist
added 2022/04/14 12:55 p.m.19 views

CVE-2021-43286

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code...

9.2AI score0.02715EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.6 views

ThoughtWorks GoCD 信息泄露漏洞

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. An information disclosure vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker with the right to create a new pipeline on the GoCD server by abusing the Git U...

7.5CVSS8.1AI score0.28039EPSS
Exploits2References4
Prion
Prion
added 2020/10/02 9:15 a.m.13 views

Design/Logic Flaw

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

10CVSS9.7AI score0.7465EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/02 8:11 a.m.43 views

CVE-2020-12124

A remote command-line injection vulnerability in the /cgi-bin/liveapi.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication...

9.8AI score0.7465EPSS
Exploits0References2
CVE
CVE
added 2020/10/02 8:11 a.m.80 views

CVE-2020-12124

Summary of verified details : The WAVLINK WN530H4 device is affected by a remote command-injection vulnerability in the /cgi-bin/live_api.cgi endpoint. Technical content in the connected nuclei template confirms unauthenticated command execution as root, with high-risk impact. The vulnerability a...

10CVSS9.7AI score0.7465EPSS
In wildExploits0References2Affected Software1
Rows per page
Query Builder