Page 85 of 8792 results (0.065 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand • https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/exeCommand/README.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. • https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8 https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0

A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. • https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200 • CWE-787: Out-of-bounds Write •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

A memory corruption issue due to an improper length check in LabVIEW tdcore.dll may disclose information or result in arbitrary code execution. • https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/memory-corruption-issues-due-to-improper-length-checks-in-labview.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •