457 matches found

CNNVD
added 2024/06/06 12:0 a.m. · 6 views

Sysaid Technologies SysAid Operating System Command Injection Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. SysAid suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements used in operating system commands, resulting i...

CVSS 9.8 · AI score 7.7 · EPSS 0.01101
Exploits: 0 · References: 2
Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-5243 · Futurenet · Futurenet Nxr Series

Name of the Vulnerable Software and Affected Versions: FutureNet NXR series (affected versions not specified); FutureNet VXR series (affected versions not specified); FutureNet WXR series (affected versions not specified). Description: The issue is related to the lack of measure...

CVSS 9.8 · AI score 7.8 · EPSS 0.0065
Exploits: 0 · References: 9
CNNVD
added 2024/06/06 12:0 a.m. · 6 views

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

CVSS 9.8 · AI score 7.9 · EPSS 0.01219
Exploits: 1 · References: 2
Vulnrichment
added 2024/05/22 5:46 p.m. · 16 views

CVE-2024-20360

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

CVSS 8.8 · AI score 8.6 · EPSS 0.00836
Exploits: 0 · References: 1
OSV
added 2024/05/17 11:8 a.m. · 5 views

OESA-2024-1587 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

CVSS 8.6 · AI score 7.2 · EPSS 0.00628
Exploits: 0 · References: 2
OSV
added 2024/05/10 11:7 a.m. · 3 views

OESA-2024-1547 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

CVSS 8.6 · AI score 7.2 · EPSS 0.00628
Exploits: 0 · References: 2
NVD
added 2024/05/03 11:15 a.m. · 30 views

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 · AI score 8.1 · EPSS 0.01143
Exploits: 0 · References: 3
Vulnrichment
added 2024/05/03 10:11 a.m. · 12 views

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 · AI score 8.1 · EPSS 0.01143
Exploits: 0 · References: 3
Cvelist
added 2024/05/03 10:11 a.m. · 41 views

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 · AI score 8.2 · EPSS 0.01143
Exploits: 0 · References: 3
OSV
added 2024/04/03 1:15 p.m. · 2 views

CVE-2023-25699

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection. This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15...

CVSS 9.8 · AI score 7.3 · EPSS 0.01289
Exploits: 0 · References: 1
Positive Technologies
added 2024/04/03 12:0 a.m. · 7 views

PT-2024-12070 · Unknown · Videowhisper Live Streaming Integration

Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration versions n/a through 5.5.15. Description: The issue is related to an OS Command Injection vulnerability due to improper neutralization of special elements used in an OS command. This allows for OS Comman...

CVSS 9.8 · AI score 9.9 · EPSS 0.01289
Exploits: 0 · References: 5
CNNVD
added 2024/03/24 12:0 a.m. · 5 views

Tenda AC10 Operating System Command Injection Vulnerability

Tenda AC10 is a wireless router from Tenda, China. An OS command injection vulnerability exists in Tenda AC10U version 15.03.06.48, which originates from an OS command injection in the usbName parameter of the formSetSambaConf method on the /goform/setsambacfg page...

CVSS 9.8 · AI score 7 · EPSS 0.04009
Exploits: 1 · References: 4
Positive Technologies
added 2024/03/22 12:0 a.m. · 4 views

PT-2024-3305 · Kemp · Loadmaster

Name of the Vulnerable Software and Affected Versions: LoadMaster (affected versions not specified). Description: An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a...

CVSS 8.8 · AI score 9.1 · EPSS 0.55422
Exploits: 0 · References: 20
Cvelist
added 2024/03/21 11:45 a.m. · 20 views

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

CVSS 6.4 · AI score 7.1 · EPSS 0.00499
Exploits: 0 · References: 1
CNVD
added 2024/02/22 12:0 a.m. · 6 views

Dell Unity SQL Injection Vulnerability

Dell Unity is a set of virtual Unity storage environments from Dell USA. A SQL injection vulnerability exists in Dell Unity prior to version 5.4, which stems from the inclusion of an operating system command injection vulnerability in its svccava utility. An attacker could exploit this...

CVSS 6.5 · AI score 8 · EPSS 0.00421
Exploits: 0 · References: 1
Positive Technologies
added 2024/02/12 12:0 a.m. · 4 views

PT-2024-3897 · Sap · Sap Ides Ecc-Systems

Name of the Vulnerable Software and Affected Versions: SAP IDES ECC-systems (affected versions not specified). Description: The issue allows the execution of arbitrary program code of a user's choice, potentially enabling an attacker to control the system's behavior by executing malicious code. This...

CVSS 7.4 · AI score 7.5 · EPSS 0.0049
Exploits: 0 · References: 9
Positive Technologies
added 2024/02/12 12:0 a.m. · 5 views

PT-2024-2833

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.5.2645 build 20240116; QuTS hero versions prior to h5.1.5.2647 build 20240118; QuTScloud versions prior to c5.1.5.2651. Description: An OS command injection vulnerability exists in QNAP operating system versions due to th...

CVSS 8.3 · AI score 7.4 · EPSS 0.89157
Exploits: 4 · References: 32
CNNVD
added 2024/02/08 12:0 a.m. · 5 views

Akaunting Operating System Command Injection Vulnerability

Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...

CVSS 9.8 · AI score 7.6 · EPSS 0.30036
Exploits: 3 · References: 6
CNVD
added 2024/01/11 12:0 a.m. · 7 views

GTKWave OS Command Injection Vulnerability (CNVD-2024-39666)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. GTKWave version 3.3.115 suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...

CVSS 7.8 · AI score 7.8 · EPSS 0.01481
Exploits: 1 · References: 1
OSV
added 2023/12/12 9:15 a.m. · 3 views

CVE-2023-49695

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product...

CVSS 6.8 · AI score 6 · EPSS 0.00862
Exploits: 0 · References: 2