Lucene search
K

276 matches found

CNNVD
CNNVD
added 2024/04/16 12:0 a.m.7 views

XunRuiCMS 安全漏洞

Xunrui Cloud Software Development XunRuiCMS Xunrui CMS is an open source content management system CMS from China's Xunrui Cloud Software Development Company. A security vulnerability exists in Xunrui CMS 4.6.3 and earlier versions, which originates from a cross-site scripting XSS vulnerability i...

6.1CVSS5.7AI score0.00583EPSS
Exploits1References2
OSV
OSV
added 2024/03/01 8:15 a.m.1 views

CVE-2024-25552

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

7.8CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2024/01/30 9:15 a.m.5 views

CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...

9.8CVSS6AI score0.01844EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/30 9:9 a.m.4 views

CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...

9.8CVSS9.3AI score0.01844EPSS
Exploits0References3
OSV
OSV
added 2023/12/13 9:15 a.m.22 views

UBUNTU-CVE-2023-31210

Usage of user controlled LDLIBRARYPATH in agent in Checkmk 2.2.0p10 up to 2.2.0p16 allows malicious Checkmk site user to escalate rights via injection of malicious libraries...

8.8CVSS5.6AI score0.00536EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/13 12:0 a.m.4 views

Checkmk Security Vulnerabilities

Checkmk is an editor. A security vulnerability exists in Checkmk versions 2.2.0p10 through 2.2.0p16, which stems from the use of user-controlled LDLIBRARYPATH in an agent, allowing an attacker to escalate privileges by injecting a malicious library...

8.8CVSS7AI score0.00536EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.5 views

PT-2023-23233 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.2.0p10 through 2.2.0p16 Description: The issue concerns the usage of user-controlled LD LIBRARY PATH in the agent of Checkmk, allowing a malicious Checkmk site user to escalate rights via the injection of malicious librarie...

8.8CVSS7.3AI score0.00536EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.5 views

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform Code Issue Vulnerability

Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform is a Multi-Service Secure Gateway Intelligent Management Platform from Beijing Baichuo, China. Byzro Networks Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928 and earlier versio...

8.8CVSS7.2AI score0.0172EPSS
Exploits1References5
OSV
OSV
added 2023/08/08 7:15 p.m.5 views

CVE-2023-40041

TOTOLINK T10v2 5.9c.5061B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cstemodules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code...

9.8CVSS6.2AI score0.00934EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.25 views

Diebold Nixdorf Vynamic View Console Code Issue Vulnerability

The Diebold Nixdorf Vynamic View Console is a system from Diebold Nixdorf that allows remote changes to all PC-based devices via Intel Active Management Technology AMT BIOS management. A security vulnerability exists in Diebold Nixdorf Vynamic View Console v.5.3.1 and prior versions, which...

7.8CVSS7.5AI score0.00395EPSS
Exploits2References4
OSV
OSV
added 2023/07/06 9:5 p.m.97 views

GHSA-JQHC-M2J3-FJRX SQLFluff users with access to config file, using `libary_path` may call arbitrary python code

Impact In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...

6.3CVSS7.1AI score0.00414EPSS
Exploits1References6
NVD
NVD
added 2023/07/06 4:15 p.m.73 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.1AI score0.00414EPSS
Exploits1References2
OSV
OSV
added 2023/07/06 4:15 p.m.4 views

DEBIAN-CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.8AI score0.00414EPSS
Exploits1References1
PyPA
PyPA
added 2023/07/06 4:15 p.m.9 views

PYSEC-2023-111

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.6AI score0.00414EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/07/06 4:15 p.m.5 views

UBUNTU-CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS6AI score0.00414EPSS
Exploits1References4
OSV
OSV
added 2023/07/06 4:15 p.m.8 views

PYSEC-2023-111

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.2AI score0.00414EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2023/07/06 3:3 p.m.39 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...

7.8CVSS7.8AI score0.00414EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.8 views

PT-2023-25720 · Sqlfluff +1 · Sqlfluff +1

Name of the Vulnerable Software and Affected Versions: SQLFluff versions prior to 2.1.2 Description: In environments where untrusted users have access to the config files, there is a potential security issue where those users could use the library path config value to allow arbitrary python code ...

7.8CVSS7.6AI score0.00414EPSS
Exploits1References17
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.18 views

SQLFluff 注入漏洞

SQLFluff is a dialect-flexible and configurable SQL linter. An injection vulnerability exists in SQLFluff versions prior to 2.1.2 that stems from allowing an attacker to call arbitrary python code via libarypath...

7.8CVSS7.7AI score0.00414EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/06/30 12:0 a.m.7 views

PT-2023-22169 · Malwarebytes · Malwarebytes Edr

Name of the Vulnerable Software and Affected Versions: Malwarebytes EDR version 1.0.11 for Linux Description: The Malwarebytes EDR for Linux driver doesn't properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. An attacker can exploit...

7.8CVSS7.7AI score0.00314EPSS
Exploits0References6
Rows per page
Query Builder