Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5
Vulnerability Description
A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. An authenticated attacker can inject arbitrary pickle object as part of a user's profile. This can lead to code execution on the server when the user's profile is accessed.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
CERT Coordination Center VINCE代码问题漏洞
Vulnerability Description
VINCE是美国CERT Coordination Center开源的一个 CERT 协调中心开发和使用的漏洞信息和协调环境。用于改进协调的漏洞披露。 CERT Coordination Center VINCE 1.50.5 之前版本存在安全漏洞,该漏洞源于存在远程代码注入漏洞。经过身份验证的攻击者可以将任意 pickle 对象作为用户配置文件的一部分注入。 当访问用户的配置文件时,这可能会导致在服务器上执行代码。
CVSS Information
N/A
Vulnerability Type
N/A