CVE-2024-27758

HIGH Year: 2024
CVSS v3 Score
8.4
High
Weakness Type
CWE-306
View all →

Vulnerability Description

In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.

Related Vulnerabilities

CVE-2017-8155

HIGH
CVSS:8.4(High)

The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor u...

CWE-3062017

CVE-2020-25621

HIGH
CVSS:8.4(High)

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys a...

CWE-3062020

CVE-2022-23862

HIGH
CVSS:8.4(High)

A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authenti...

CWE-3062022

CVE-2024-27169

HIGH
CVSS:8.4(High)

Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/mode...

CWE-3062024

CVE-2019-18572

HIGH
CVSS:8.3(High)

The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host...

CWE-3062019

CVE-2020-6294

HIGH
CVSS:8.5(High)

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.

CWE-3062020