482 matches found

F5 Networks
added 2023/02/21 6:53 p.m., 53 views

K15650046: Tcl code injection security exposure

Security Advisory Description: Certain coding practices may allow an attacker to inject arbitrary Tool Command Language (Tcl) commands, which can be executed in the security context of the target Tcl script by the running Tcl interpreter. Note: This issue affects any user-supplied Tcl code executed ...

8.1 AI score
Exploits: 0
Cisco
added 2023/02/15 4:0 p.m., 55 views

Cisco Email Security Appliance and Cisco Secure Email and Web Manager Vulnerabilities

Multiple vulnerabilities in the web UI and CLI of Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager could allow an authenticated attacker to perform injection attacks or elevate privileges. For more information about these vulnerabilities, see the Details section...

6.5 CVSS, 7 AI score, 0.0031 EPSS
Exploits: 0, References: 1
NVD
added 2023/01/20 7:15 a.m., 14 views

CVE-2023-20010

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This...

8.8 CVSS, 8.4 AI score, 0.0029 EPSS
Exploits: 0, References: 1
Qualys Blog
added 2023/01/16 11:46 a.m., 434 views

Detection of Vulnerabilities in JavaScript Libraries

JavaScript is a popular programming language which is an integral component while developing interactive and dynamic web applications. It allows developers to create engaging and responsive user interfaces, handling complex web page elements, enhancing the overall functionality of the application...

5 CVSS, 8.6 AI score, 0.03173 EPSS
Exploits: 1
IBM Security Bulletins
added 2023/01/12 9:59 p.m., 31 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to injection attacks in Ansible (CVE-2021-3583).

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to attacks in Ansible, caused by template injection in the user's controller (CVE-2021-3583). Attackers could exploit this vulnerability to execute arbitrary commands on the system. Ansible is included in some of...

7.1 CVSS, 7.2 AI score, 0.00276 EPSS
Exploits: 0, Affected Software: 1
OpenVAS
added 2023/01/09 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2023-1061)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 8 AI score, 0.01214 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2023/01/06 12:0 a.m., 40 views

EulerOS Virtualization 3.0.2.6 : python (EulerOS-SA-2023-1061)

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL)...

7.5 CVSS, 7.1 AI score, 0.01214 EPSS
Exploits: 1, References: 2
Cvelist
added 2023/01/03 12:0 a.m., 15 views

CVE-2022-40740 Realtek GPON router - Command Injection

Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service...

7.2 CVSS, 7.6 AI score, 0.01287 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2022/12/19 12:0 a.m., 27 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2022-0102)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker...

9.8 CVSS, 8.3 AI score, 0.01214 EPSS
Exploits: 3, References: 9
IBM Security Bulletins
added 2022/12/15 9:21 a.m., 42 views

Security Bulletin: A vulnerability in Python affects IBM Elastic Storage System (CVE-2022-0391)

Summary: Security vulnerability has been discovered in Python used by Elastic Storage System. Vulnerability Details: CVEID: CVE-2022-0391 DESCRIPTION: Python could provide weaker than expected security, caused by improper input validation by the urllib.parse module. By sending a specially-crafted...

7.5 CVSS, 7.8 AI score, 0.01214 EPSS
Exploits: 1, Affected Software: 1
Mageia
added 2022/10/13 8:5 p.m., 70 views

Updated python packages fix security vulnerability

The mailcap module does not add escape characters into commands discovered in the system mailcap file. (CVE-2015-20107) Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. (CVE-2021-4189) The urlparse method does not...

8 CVSS, 7.3 AI score, 0.01214 EPSS
Exploits: 2, References: 7
OSV
added 2022/10/13 8:5 p.m., 5 views

MGASA-2022-0367 Updated python packages fix security vulnerability

The mailcap module does not add escape characters into commands discovered in the system mailcap file. (CVE-2015-20107) Allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. (CVE-2021-4189) The urlparse method does not...

8 CVSS, 6.5 AI score, 0.01214 EPSS
Exploits: 2, References: 8
OpenVAS
added 2022/10/12 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-2586)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 7 AI score, 0.01214 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2022/10/10 12:0 a.m., 41 views

EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2022-2585)

According to the versions of the python2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how...

7.5 CVSS, 7.1 AI score, 0.01214 EPSS
Exploits: 1, References: 3
OpenVAS
added 2022/10/10 12:0 a.m., 15 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2022-2529)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS, 7 AI score, 0.01214 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2022/10/08 12:0 a.m., 47 views

AlmaLinux 8 : python3 (ALSA-2022:6457)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6457 advisory. - In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may...

8 CVSS, 7.3 AI score, 0.01214 EPSS
Exploits: 2, References: 3
Prion
added 2022/09/20 9:15 p.m., 15 views

SQL injection

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

6.5 CVSS, 8.9 AI score, 0.00415 EPSS
Exploits: 0, References: 1, Affected Software: 1
Imperva Blog
added 2022/09/20 12:55 p.m., 10 views

“Oops, I insecurely coded again!”

The call is coming from inside the house. It’s no secret that companies need to be vigilant about application security. However, frequently the source of application vulnerabilities may come as a surprise to security teams. While zero-day exploits are a principal focus of vulnerability mitigation...

8.1 AI score
Exploits: 0
Prion
added 2022/09/19 2:15 p.m., 9 views

SQL injection

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not validate and escape some reservation parameters before using them in SQL statements, which could allow unauthenticated attackers to perform SQL Injection attacks...

7.5 CVSS, 9.8 AI score, 0.04392 EPSS
Exploits: 2, References: 1, Affected Software: 1
OpenVAS
added 2022/08/26 12:0 a.m., 33 views

Ubuntu: Security Advisory (USN-4127-2)

The remote host is missing an update for the...

9.8 CVSS, 8 AI score, 0.0991 EPSS
Exploits: 6, References: 2