57 matches found
CVE-2025-20314
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper...
Cisco IOS XE 安全漏洞
Cisco IOS XE is an operating system from Cisco, Inc. Used as a single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE that stems from improper package...
Linux Distros Unpatched Vulnerability : CVE-2022-48738
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: ops: Reject out of bounds values in sndsocputvolsw We don't currently validate that the values being set are within the range we advertised to userspace a...
CVE-2020-0003
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...
Improper Package Validation
pnpm is vulnerable to Improper Package Validation. The library has the ability to produce tarballs that are harmful when installed using pnpm but safe when installed using npm or the registry. As a result, when a package is installed via pnpm, a malicious version may replace the one that was...
CVE-2023-38495
Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered...
CVE-2021-41067
The CVE-2021-41067 issue affects Listary up to version 6, caused by an improper update process and lack of package validation. Updates are fetched over a /check-update HTTP-based channel, enabling MITM manipulation of update packages and potentially resulting in installation of malicious content....
CVE-2021-34715
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...
OS Command Injection in giting
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument repo of function pull is executed by the package without any validation...
Cisco Iox 命令注入漏洞
Cisco IOS XE is an open and flexible operating system optimized for future work. A command injection vulnerability exists in Cisco IOS XE versions after 16.3.1. The vulnerability is due to incomplete validation of fields in application packages loaded into IOx. An attacker can exploit the...
CVE-2021-0219
A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...
Command injection
A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root privilege. To validate a package in Junos before installation, an administrator executes the command...
Malicious Package in nodes.js
All versions of nodes.js contain malicious code. The package searches and installs globally thousands of packages based on keywords node, react, react-native, vue, angular and babel to fill the system's memory. Recommendation Remove the package from your environment and validate what packages are...
CVE-2020-3238
A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input...
CVE-2019-15795
The CVE concerns python-apt (apt/package.py) where MD5 hashes were used to validate downloaded files in Version.fetch_binary() and Version.fetch_source(), affecting 1.9.0ubuntu1 and earlier. This trust gap creates a potential MITM path to install altered packages. The issue is resolved in fixed r...
USN-4247-1 python-apt vulnerabilities
It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to install altered packages. CVE-2019-15795 It was discovered that python-apt could...
CVE-2020-0003
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...
CVE-2020-0003
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...
CVE-2020-0003
CVE-2020-0003 affects Android 8.0 when the framework’s InstallStart.java onCreate contains a time‑of‑check time‑of‑use packaging validation bypass. The issue could allow a local elevation of privilege with user interaction required, via a vulnerability in the Android Framework. Public details ind...
CVE-2020-0003
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions...