CVE-2024-29189

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-78
View all →

Vulnerability Description

PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. On file src/ansys/geometry/core/connection/product_instance.py, upon calling this method _start_program directly, users could exploit its usage to perform malicious operations on the current machine where the script is ran. This vulnerability is fixed in 0.3.3 and 0.4.12.

Related Vulnerabilities

CVE-2015-4956

HIGH
CVSS:7.4(High)

The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors.

CWE-782015

CVE-2017-3506

HIGH
CVSS:7.4(High)

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2...

CWE-782017

CVE-2018-6021

HIGH
CVSS:7.4(High)

Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.

CWE-782018

CVE-2020-1734

HIGH
CVSS:7.4(High)

A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable...

CWE-782020

CVE-2020-6757

HIGH
CVSS:7.4(High)

contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows authenticated attackers to remotely execute code via the name parameter.

CWE-782020

CVE-2021-42324

HIGH
CVSS:7.4(High)

An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authe...

CWE-782021