CVE-2024-27763

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.

Related Vulnerabilities

CVE-2017-1720

MEDIUM
CVSS:5.3(Medium)

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.

CWE-772017

CVE-2017-18442

MEDIUM
CVSS:5.3(Medium)

cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).

CWE-772017

CVE-2017-2324

MEDIUM
CVSS:5.3(Medium)

A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service c...

CWE-772017

CVE-2018-20523

MEDIUM
CVSS:5.3(Medium)

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's clearte...

CWE-772018

CVE-2019-1606

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerabilit...

CWE-772019

CVE-2021-38373

MEDIUM
CVSS:5.3(Medium)

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

CWE-772021