RHEL 8 : firefox (RHSA-2023:0294)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:0294 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla Firefox Security Advisories (MFSA2022-54, MFSA2023-02) - Windows
Mozilla Firefox is prone to multiple vulnerabilities.
Malicious Command Execution
xxl-job-core is vulnerable to malicious command execution. Lack of sanitization of new tasks in the task management module of the background management allows an attacker to inject and execute malicious commands...
Command Injection
mc-kill-port is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the port argument, allowing an attacker to inject a malicious command via the kill function...
CVE-2022-28171
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device...
Exploit for CVE-2022-30190
...
Command Injection
git-pull-or-clone is vulnerable to command injection. A remote attacker is able to inject malicious command-line arguments to be executed on the OS through the gitClone function via the --upload-pack feature of git...
CVE-2021-32937
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be...
GHSA-FQFH-778M-2V32 GitHub CLI can execute a git binary from the current directory
Impact GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead of the system one. Windows users who run gh...
CVE-2021-40000
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end...
CVE-2021-40000
CVE-2021-40000 concerns Huawei HarmonyOS Wearables. The issue is an out-of-bounds write in the Bluetooth module, with possible remote command execution at the device end. Documented sources (NVD/CNNVD/CNVD) identify the Bluetooth module as affected and describe the impact as remote code execution...
CVE-2021-22037
Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path...
Remote Code Execution (RCE)
@diez/generation is vulnerable to remote code execution. An attacker is able to inject and execute a malicious command via the locateFont method...
Privilege Escalation
billz/raspap-webgui is vulnerable to privilege escalation. An authenticated attacker is able to inject a malicious command into the /installers/common.sh component, leading to remote code execution with root-level permissions...
OS Command Injection
@prisma/sdk is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary code on the host OS by sending a malicious command via the function getPackedPackage...
Remote Code Execution (RCE)
github.com/michaelmure/git-bug is vulnerable to remote code execution. The vulnerability exists due to an uncontrolled search path element. An attacker may craft a malicious git.bat command, commit it, and push it to a repository, and it will be executed when it is searched...
Command Injection
wc-cmd is vulnerable to command injection. An attacker is able to inject and execute a malicious command via the index.js file...
CVE-2020-29311
Ubilling v1.0.9 allows Remote Command Execution as the root user by executing a malicious command that is injected into the config file and triggered by another part of the software...
CVE-2020-7500
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification), which could cause arbitrary code to be executed when a malicious command is entered...