25 matches found
EUVD-2024-3357
Malicious code in bioql PyPI...
K000152943: PyYAML vulnerability CVE-2019-20477
Security Advisory Description PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and loadall functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. CVE-2019-20477...
CVE-2012-10048
CVE-2012-10048 affects Zenoss Core 3.x. The vulnerability is in the showDaemonXMLConfig endpoint where the daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing an authenticated user to execute arbitrary commands on the server as the zenoss u...
Command Injection
Overview codecov is a Python report uploader for Codecov. Affected versions of this package are vulnerable to Command Injection. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method. PoC by Snyk codecov --gcov-args='& echo test vuln1.txt'...
Zyxel NBG6716 ozkerz component command injection vulnerability
The Zyxel NBG6716 is a wireless router product from Hopkin ZyXEL Technologies. ozkerz component is one of the components. A security vulnerability exists in the ozkerz component of the Zyxel NBG6716 V1.00AAKG.9C0 version, which originates from the program's direct use of beginIndex and endIndex i...