
CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 2

An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. • https://github.com/Chocapikk/CVE-2024-31819 https://github.com/Jhonsonwannaa/CVE-2024-31819 https://chocapikk.com/posts/2024/cve-2024-31819 https://github.com/WWBN https://github.com/WWBN/AVideo • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.2 • EPSS: 0% • CPEs: - • EXPL: 1

This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service, or to execute arbitrary code within the context of the QEMU process on the host. • https://github.com/Toxich4/CVE-2024-34469 https://access.redhat.com/security/cve/CVE-2024-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2274211 https://patchew.org/QEMU/20240409105537.18308-1-philmd@linaro.org https://access.redhat.com/errata/RHSA-2024:6964 • CWE-415: Double Free

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. • https://github.com/flipped-aurora/gin-vue-admin/commit/b1b7427c6ea6c7a027fa188c6be557f3795e732b https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gv3w-m57p-3wc4 https://pkg.go.dev/github.com/flipped-aurora/gin-vue-admin/server?tab=versions • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can execute shell scripts or malicious code by overriding configuration such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/04/09/10 https://github.com/apache/zeppelin/pull/4715 https://lists.apache.org/thread/jpkbq3oktopt34x2n5wnhzc2r1410ddd • CWE-116: Improper Encoding or Escaping of Output

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. An attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/04/09/8 https://github.com/apache/zeppelin/pull/4709 https://lists.apache.org/thread/752qdk0rnkd9nqtornz734zwb7xdwcdb https://www.cve.org/CVERecord?id=CVE-2020-11974 • CWE-94: Improper Control of Generation of Code ('Code Injection')