CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

CVE-2019-10780

CVE-2019-10780 affects BibTeX-Ruby prior to 5.1.0. The vulnerability arises when untrusted input is passed directly to the built-in Ruby Kernel.open via BibTeX.open, enabling OS command injection. Multiple sources (Red Hat, GitHub advisories, OSV/Veracode, NVD) corroborate the issue and its descr...

CVE-2019-10780

BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open...

EulerOS Virtualization for ARM 64 3.0.5.0 : patch (EulerOS-SA-2020-1065)

According to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil...

NewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out- of-bounds access within pchwriteline in pch.c can possibly lead to DoS via a crafted input...

EulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2645)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pchwriteline in pch.c can possibly lead to DoS via a crafted input...

CVE-2014-0163

Openshift has shell command injection flaws due to unsanitized data being passed into shell commands...

CVE-2014-0163

CVE-2014-0163 affects OpenShift and is caused by unsanitized data being passed into shell commands, leading to shell command injection. According to NVD, the CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, low attack complexity, privileges required: LOW, and user interaction: NONE;...

Important: Red Hat Security Advisory: patch security update

An update for patch is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...

NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0223)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style...

ALPINE-CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVE-2019-18934

A shell command injection vulnerability was discovered in the way unbound handles DNS queries for systems with a public key used for IPsec. When ipsecmod is enabled, a malicious DNS server could send a DNS reply which would be used during a following DNS query to execute shell commands with the...

EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-2219)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for...

RHEL 7 : patch (RHSA-2019:3757)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3757 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

Amazon Linux AMI : patch (ALAS-2019-1312)

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...

patch security update

CentOS Errata and Security Advisory CESA-2019:2964 An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 7 : patch (RHSA-2019:2964)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2964 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...

Oracle Linux 7 : patch (ELSA-2019-2964)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2964 advisory. 2.7.1-12 - Fixed CVE-2018-20969, invoke ed directly instead of using the shell Tenable has extracted the preceding description block directly from the...