3866 matches found

CNNVD
added 2024/11/15 12:0 a.m. · 3 views

Synology BeePhotos Operating System Command Injection Vulnerability

Synology BeePhotos is a photo backup program from China-based Synology Inc. The operating system command injection vulnerability exists in Synology BeePhotos versions prior to 1.0.2-10026 and 1.1.0-10053, which stems from improper neutralization of a special element in the Task Manager component,...

9.8 CVSS · 9.4 AI score · 0.2838 EPSS
Exploits 0 · References 3

OSV
added 2024/11/12 5:15 p.m. · 4 views

CVE-2024-11005

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...

7.2 CVSS · 6 AI score · 0.01652 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/11/12 10:27 a.m. · 17 views

Low: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS · 7.1 AI score · 0.73062 EPSS
Exploits 5 · References 2

Tenable Nessus
added 2024/11/12 12:0 a.m. · 20 views

RHEL 9 : cups (RHSA-2024:9470)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9470 advisory. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd:...

9.8 CVSS · 7.4 AI score · 0.73062 EPSS
Exploits 5 · References 5

OSV
added 2024/11/12 12:0 a.m. · 16 views

ALSA-2024:9470 Low: cups security update

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file. For more details about the security issues, including the impact, a CVSS score,...

9.8 CVSS · 7.7 AI score · 0.73062 EPSS
Exploits 5 · References 4

AlmaLinux
added 2024/11/12 12:0 a.m. · 9 views

Low: cups security update

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file. For more details about the security issues, including the impact, a CVSS score,...

9.8 CVSS · 7.9 AI score · 0.73062 EPSS
Exploits 5 · References 4

OSV
added 2024/11/10 3:15 a.m. · 1 view

CVE-2024-11046

A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgradefilterasp of the file /upgradefilter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has...

9.8 CVSS · 5.6 AI score · 0.0425 EPSS
Exploits 1 · References 5

OSV
added 2024/11/07 6:15 p.m. · 2 views

CVE-2024-10966

A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotel...

8.8 CVSS · 5.6 AI score
Exploits 0 · References 6

NVD
added 2024/11/06 2:15 p.m. · 16 views

CVE-2024-10915

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgiuseradd of the file /cgi-bin/accountmgr.cgi?cmd=cgiuseradd. The manipulation of the argument group leads to os command injection. T...

9.8 CVSS · 0.79135 EPSS
Exploits 2 · References 5

Positive Technologies
added 2024/11/06 12:0 a.m. · 8 views

PT-2024-7744

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320 versions 1.00 through 1.08; D-Link DNS-320LW versions 1.01.0914.2012 and earlier; D-Link DNS-325 versions 1.01 through 1.02; D-Link DNS-340L versions 1.08 and earlier. Description: A critical vulnerability has been found in D-Link DN...

9.8 CVSS · 8.9 AI score · 0.97432 EPSS
Exploits 11 · References 100

OSV
added 2024/10/27 9:15 p.m. · 3 views

CVE-2024-10429

A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function setipv6 of the file internet.cgi. The manipulation of the argument IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr leads to command injection. It is possible to...

7.2 CVSS · 5.5 AI score · 0.17215 EPSS
Exploits 1 · References 4

OSV
added 2024/10/27 9:15 p.m. · 3 views

CVE-2024-10428

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function setipv6 of the file firewall.cgi. The manipulation of the argument dhcpGateway leads to command injection. The attack may be initiated remotely. The...

7.2 CVSS · 5.5 AI score · 0.1413 EPSS
Exploits 1 · References 4

CVE
added 2024/10/27 9:0 p.m. · 62 views

CVE-2024-10429

The CVE-2024-10429 entry concerns WAVLINK WN530H4, WN530HG4 and WN572HG3 devices. Affected is the function set_ipv6 in the file internet.cgi, where manipulation of the IPv6OpMode/IPv6IPAddr/IPv6WANIPAddr/IPv6GWAddr arguments leads to command injection. The issue enables remote execution and has b...

8.6 CVSS · 7.4 AI score · 0.17215 EPSS
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/10/27 12:0 a.m. · 9 views

PT-2024-16274 · Wavlink · Wavlink Wn572Hp3 +1

Name of the Vulnerable Software and Affected Versions: WAVLINK WN530H4 versions up to 20221028; WAVLINK WN530HG4 versions up to 20221028; WAVLINK WN572HG3 versions up to 20221028. Description: A critical vulnerability has been found, affecting the function set ipv6 of the file internet.cgi. The...

8.6 CVSS · 7.5 AI score · 0.17215 EPSS
Exploits 1 · References 8

OSV
added 2024/10/25 5:16 p.m. · 28 views

RLSA-2024:7463 Important: cups-filters security update

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fixes: cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source...

9.8 CVSS · 8 AI score · 0.8344 EPSS
Exploits 16 · References 4

CNVD
added 2024/10/25 12:0 a.m. · 7 views

Cisco Adaptive Security Appliance SSH Remote Command Injection Vulnerability

Cisco Adaptive Security Appliance (ASA) is a comprehensive network security appliance developed by Cisco that provides firewall, VPN, IPS, and other security features. It supports both physical and virtual deployments and can adapt to the security needs of networks of different sizes. A remote...

9.9 CVSS · 7.7 AI score · 0.01158 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/10/25 12:0 a.m. · 29 views

RockyLinux 8 : cups-filters (RLSA-2024:7463)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:7463 advisory. cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source; cups-filters: libcupsfilters: cfGetPrinterAttributes API does n...

9.8 CVSS · 7.5 AI score · 0.8344 EPSS
Exploits 16 · References 7

Tenable Nessus
added 2024/10/25 12:0 a.m. · 15 views

Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (cisco-sa-asa-ssh-rce-gRAuPEUF)

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

9.9 CVSS · 6.4 AI score · 0.01158 EPSS
Exploits 0 · References 2

CNNVD
added 2024/10/23 12:0 a.m. · 5 views

Cisco Adaptive Security Appliance Security Vulnerability

Cisco Adaptive Security Appliance (ASA) is a comprehensive network security appliance developed by Cisco that provides firewall, VPN, IPS, and other security features. It supports both physical and virtual deployments and can adapt to the security needs of networks of different sizes. A remote...

9.9 CVSS · 7.6 AI score · 0.01158 EPSS
Exploits 0 · References 4

OSV
added 2024/10/20 8:15 a.m. · 3 views

CVE-2024-10193

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function pingddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has...

7.2 CVSS · 5.6 AI score · 0.15043 EPSS
Exploits 1 · References 4