79 matches found
VMware Aria Operations 安全漏洞
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. A security vulnerability exists in VMware Aria Operations that originates from a malicious command that can be inserted...
CVE-2024-48074
An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function...
MAL-2024-8932 Malicious code in @the-c-company/common-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e18cae6ce0c3de2fe7988c316471f5383433deaa0e8b9bf0376b69b634188218 The OpenSSF Package Analysis project identified '@the-c-company/common-utils' @ 1.0.0 npm as malicious. It is considered malicious because: - Th...
Malicious code in cra-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e49ccaa79a7296b7f1237beb3210cabf6610aab5c68e2c349b1fff4d3b2bb332 The OpenSSF Package Analysis project identified 'cra-docs' @ 7.999.45 npm as malicious. It is considered malicious because: - The package...
Information Exposure
gitlab:sid is vulnerable to Information Exposure. The vulnerability due to read the source code of a project by using attackeraccesstoken and login to Victim account sets the Repository. It allows an attacker execute the malicious command with attacker account...
coreBOS Security Vulnerabilities
coreBOS is a JPL TSolucio open source commercial software capable of managing daily business needs. A security vulnerability exists in coreBOS version 8.0 and earlier versions. An attacker could exploit the vulnerability to inject malicious commands into tables...
GHSA-95RP-6GQP-6622 Command Injection Vulnerability in find-exec
Older versions of the package are vulnerable to Command Injection as an attacker controlled parameter. As a result, attackers may run malicious commands. For example: const find = require"find-exec"; find"mplayer; touch hacked" This creates a file named "hacked" on the filesystem. You should neve...
Command injection
Sengled Dimmer Switch V0.0.9 contains a denial of service DOS vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery...
CVE-2023-29779
CVE-2023-29779 affects Sengled Dimmer Switch V0.0.9. Vulnerability allows a remote attacker to send malicious Zigbee messages that crash the device and cause it to report status repeatedly, ultimately draining the battery after the Set_short_poll_interval command. No exploit details are provided ...
AlmaLinux 8 : thunderbird (ALSA-2023:0463)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:0463 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox console.log allowed...
RHEL 9 : thunderbird (RHSA-2023:0476)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0476 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla:...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...
RHEL 9 : thunderbird (RHSA-2023:0461)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0461 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla:...
RHEL 8 : thunderbird (RHSA-2023:0460)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0460 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla:...
RHEL 8 : thunderbird (RHSA-2023:0457)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0457 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Security Fixes: Mozilla:...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 8 : firefox (RHSA-2023:0294)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0294 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 7 : firefox (RHSA-2023:0296)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0296 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 9 : firefox (RHSA-2023:0285)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0285 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...