RHEL 7 : cifs-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: shell command injection in mount.cifs CVE-2020-14342 - cifs-utils through 6.14, with verbose...

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 CVSS score: 10.0, could be weaponized to obtain unauthenticated remote shell command execution o...

PT-2024-24747 · Jadx · Jadx

Name of the Vulnerable Software and Affected Versions: jadx versions prior to 1.5.0 Description: The issue concerns a Dex to Java decompiler where the package name is not filtered before concatenation, allowing an attacker to inject arbitrary code into the package name. This can be exploited to...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

GHSA-WX43-G55G-2JF4 LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

CVE-2024-2029

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

GHSA-WV28-7FPW-FJ49 Lektor does not sanitize database path traversal

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

Lektor does not sanitize database path traversal

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

USN-6714-1 debian-goodies vulnerability

It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...

CVE-2024-2448 LoadMaster Command Injection Vulnerability

An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection...

[SECURITY] [DSA 5641-1] fontforge security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5641-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 19, 2024 https://www.debian.org/security/faq -...

OESA-2024-1274 A-Tune-Collector security update

A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...

BIT-SPARK-2023-32007 Apache Spark: Shell command injection via Spark UI

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

OESA-2024-1159 aops-ceres security update

An agent which needs to be adopted in client, it managers some plugins, such as gala-gopherkpi collection, fluentdlog collection and so on. Security Fixes: In versions 1.3.0-1.4.1 of the ceres software package, the executeshellcommand function does not properly verify or filter the command or...

TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability

Talos Vulnerability Report TALOS-2023-1858 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability February 6, 2024 CVE Number CVE-2023-47617 SUMMARY A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER72...

PHPMailer Shell command injection

PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...

GHSA-6H78-85V2-MMCH PHPMailer Shell command injection

PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...