1801 matches found
Debian dla-3427 : libkpathsea-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3427 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3427-2 [email protected]...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
Design/Logic Flaw
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
PT-2023-3439 · Unknown +2 · Imagemagick +2
Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: A security flaw in ImageMagick causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. This issue is related to the lack...
Oracle Linux 9 : emacs (ELSA-2023-2366)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2366 advisory. 1:27.2-8 - Use a 64KB page size for pdump 1979804 1:27.2-7 - Fix ctags local command execute vulnerability 2149387 Tenable has extracted the preceding descripti...
SUSE CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
OS Command Injection
Apache Spark is vulnerable to OS command injection. The authentication filter checks if a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter may allow someone to impersonate an arbitrary user name and execute a Unix shell command...
Apache Spark Command Injection Vulnerability (CNVD-2023-71729)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that stems from the fact that if ACLs are enabled, a code path in the HttpSecurityFilter can...
CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
CVE-2023-32007 Apache Spark: Shell command injection via Spark UI
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
CVE-2023-32007
CVE-2023-32007 describes a command injection in the Apache Spark UI when ACLs are enabled via spark.acls.enable. A path in HttpSecurityFilter could allow impersonation by supplying an arbitrary username, enabling a permission check to build and execute a Unix shell command as the Spark process us...
PT-2023-20120 · Nvidia · Nvidia Dgx-1 Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-1 BMC affected versions not specified Description: The issue concerns the SPX REST API in NVIDIA DGX-1 BMC, where an attacker with the appropriate authorization level can inject arbitrary shell commands. This may lead to code...
Amazon Linux AMI : sssd (ALAS-2023-1723)
The version of sssd installed on the remote host is prior to 1.16.4-21.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1723 advisory. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and...
Important: sssd
Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...
CVE-2023-28854
nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...
CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail
nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...
CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail
nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...