CVE-2024-3995 Command Injection in Helix ALM
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins...
PT-2024-28752 · Perforce · Helix Alm
Name of the Vulnerable Software and Affected Versions: Helix ALM versions prior to 2024.2.0 Description: A local command injection issue was identified. The issue was reported by Bryan Riggins. Recommendations: For Helix ALM versions prior to 2024.2.0, update to version 2024.2.0 or later to resol...
Perforce Helix ALM Security Vulnerability
Perforce Helix ALM is an application lifecycle management software from Perforce. A security vulnerability exists in Perforce Helix ALM versions prior to 2024.2.0 that stems from the presence of local command injection...
CVE-2024-0325
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
Command injection
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins...
CVE-2024-0325
CVE-2024-0325 concerns a local command injection in Helix Sync versions prior to 2024.1. The available documents confirm the vulnerability and its local-execution nature but do not provide concrete details on affected versions beyond the 2024.1 cutoff, the exact vulnerable component, or root cau...
Helix Sync Command Injection Vulnerability
Perforce Helix Sync is a simplification tool from Perforce. A security vulnerability exists in Helix Sync versions prior to 2024.1 that stems from the presence of local command injection...
Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-2120)
The remote host is missing an update for the Huawei EulerOS...
RHEL 9 : emacs (RHSA-2023:2626)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2626 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp),...
emacs: local command injection in ruby-mode.el
A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection...
CVE-2023-2091
A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjustcpufreqscalinggoverner. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been...
CVE-2023-0978
A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to...
CVE-2023-1277
A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been...
CVE-2021-4326 Imperative Local Command Injection allows Activity Masking
A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...
CVE-2022-48338
A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection...
CVE-2022-48338
CVE-2022-48338 affects GNU Emacs up to version 28.2, via ruby-mode.el’s function ruby-find-library-file. The vulnerability is a local command injection: the function is interactive and calls external command gem through shell-command-to-string without escaping feature-name parameters, enabling a...
CVE-2021-31854
A command injection vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the...
Cisco SD-WAN vManage Operating System Command Injection Vulnerability
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. Cisco SD-WAN vManage has an operating system command injection vulnerability that can be exploited by a local attacker to inject arbitrary...
CVE-2020-10049
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system...
CVE-2020-10051
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead...