79 matches found

Tenable Nessus
added 2023/01/23 12:0 a.m. | 32 views

RHEL 8 : firefox (RHSA-2023:0294)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0294 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8 CVSS | 8.1 AI score | 0.00892 EPSS
Exploits 0 | References 18
OpenVAS
added 2023/01/18 12:0 a.m. | 30 views

Mozilla Firefox Security Advisories (MFSA2022-54, MFSA2023-02) - Windows

Mozilla Firefox is prone to multiple vulnerabilities...

8.8 CVSS | 8.8 AI score | 0.00702 EPSS
Exploits 0 | References 1
Veracode
added 2022/10/03 3:38 a.m. | 20 views

Malicious Command Execution

xxl-job-core is vulnerable to malicious command execution. Lack of sanitization of new task in task management module of the background management allows an attacker to inject and execute malicious commands...

9.8 CVSS | 9.2 AI score | 0.01214 EPSS
Exploits 1 | References 4 | Affected Software 1
Veracode
added 2022/08/11 6:6 a.m. | 23 views

Command Injection

mc-kill-port is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the port argument allowing an attacker to inject malicious command via the kill function...

7.8 CVSS | 4.3 AI score | 0.00452 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2022/06/27 5:48 p.m. | 42 views

CVE-2022-28171

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device...

7.5 CVSS | 9.9 AI score | 0.49858 EPSS
Exploits 6 | References 3
GithubExploit
added 2022/06/09 9:32 a.m. | 446 views

Exploit for CVE-2022-30190

...

9.3 CVSS | 7.7 AI score | 0.99374 EPSS
Exploits 62
Veracode
added 2022/05/04 3:5 p.m. | 26 views

Command Injection

git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...

9.8 CVSS | 4.9 AI score | 0.03865 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2022/04/01 11:15 p.m. | 3 views

CVE-2021-32937

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...

7.5 CVSS | 5.8 AI score | 0.01024 EPSS
Exploits 0 | References 1
NVD
added 2022/04/01 11:15 p.m. | 12 views

CVE-2021-32937

An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...

7.5 CVSS | 0.01024 EPSS
Exploits 0 | References 1
OSV
added 2022/02/11 11:41 p.m. | 8 views

GHSA-FQFH-778M-2V32 GitHub CLI can execute a git binary from the current directory

Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...

7.1 AI score
Exploits 0 | References 1
Cvelist
added 2022/01/07 10:39 p.m. | 20 views

CVE-2021-40000

The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end...

9.1 AI score | 0.00384 EPSS
Exploits 0 | References 1
CVE
added 2022/01/07 10:39 p.m. | 52 views

CVE-2021-40000

CVE-2021-40000 concerns Huawei HarmonyOS Wearables. The issue is an out-of-bounds write in the Bluetooth module, with possible remote command execution at the device end. Documented sources (NVD/CNNVD/CNVD) identify the Bluetooth module as affected and describe the impact as remote code execution...

8.8 CVSS | 8.9 AI score | 0.00384 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/10/29 11:9 a.m. | 22 views

CVE-2021-22037

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path...

7.8 AI score | 0.0028 EPSS
Exploits 0 | References 1
Veracode
added 2021/08/18 3:48 a.m. | 4 views

Remote Code Execution (RCE)

@diez/generation is vulnerable to remote code execution. An attacker is able to inject and execute malicious command via the locateFont method...

7 CVSS | 8.1 AI score | 0.01923 EPSS
Exploits 1 | References 4 | Affected Software 1
Veracode
added 2021/06/11 10:33 a.m. | 17 views

Privilege Escalation

billz/raspap-webgui is vulnerable to privilege escalation. An authenticated attacker is able to inject malicious command to /installers/common.sh component, leading to a remote code execution with root level permission...

8.8 CVSS | 5 AI score | 0.05347 EPSS
Exploits 1 | References 9 | Affected Software 1
Veracode
added 2021/04/07 8:25 a.m. | 17 views

OS Command Injection

@prisma/sdk is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary code on the host OS by sending a malicious command via the function getPackedPackage...

7.7 CVSS | 4.4 AI score | 0.02073 EPSS
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2021/03/23 1:54 a.m. | 22 views

Remote Code Execution (RCE)

github.com/michaelmure/git-bug is vulnerable to remote code execution. The vulnerability exists due to an uncontrolled search path element. An attacker may craft a malicious git.bat command, commit it and push it in a repository and it will be executed when it is searched...

9.8 CVSS | 2.9 AI score | 0.01719 EPSS
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2021/02/24 2:11 a.m. | 12 views

Command Injection

wc-cmd is vulnerable to command injection. An attacker is able to inject and execute malicious command via the index.js file...

4.7 AI score
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/12/10 9:38 p.m. | 20 views

CVE-2020-29311

Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that is injected inside the config file and being triggered by another part of the software...

9.8 AI score | 0.06291 EPSS
Exploits 1 | References 3
NVD
added 2020/06/16 8:15 p.m. | 22 views

CVE-2020-7500

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability exists in U.motion Servers and Touch Panels affected versions listed in the security notification which could cause arbitrary code to be executed when a malicious command is entered...

9.8 CVSS | 0.01902 EPSS
Exploits 0 | References 1