CVE-2022-43938

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-96
View all →

Vulnerability Description

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.

Related Vulnerabilities

CVE-2015-2079

HIGH
CVSS:8.8(High)

Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.

CWE-962015

CVE-2024-55662

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user ca...

CWE-962024

CVE-2024-55877

HIGH
CVSS:8.8(High)

XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by addi...

CWE-962024

CVE-2024-32487

HIGH
CVSS:8.6(High)

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled fi...

CWE-962024

CVE-2023-39726

CRITICAL
CVSS:9.8(Critical)

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

CWE-962023

CVE-2024-13264

CRITICAL
CVSS:9.8(Critical)

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0....

CWE-962024