Shell command injection in Liferay Portal

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...

GHSA-P5F9-C9J9-G8QX Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

GHSA-WP79-CPV2-9G7M Arbitrary shell command execution in Jenkins EC2 Plugin

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

Arbitrary shell command execution in Jenkins EC2 Plugin

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

GHSA-JCCV-3H4X-35MV Codiad Vulnerable to Shell Command Injection

components/filemanager/class.filemanager.php in Codiad before 2.8.3 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...

NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Vulnerability (NS-SA-2022-0044)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sssd packages installed that are affected by a vulnerability: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. This flaw allows...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Vulnerability (NS-SA-2022-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by a vulnerability: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire subcommands. This flaw allows...

PT-2022-20314

Name of the Vulnerable Software and Affected Versions Gitea versions 1.16.6 and prior Description The issue is related to the improper handling of git fetch, allowing for shell command injection. This is due to the lack of escaping for the git fetch remote. There is no information provided about...

Python Shell Command Injection Vulnerability (bpo-24778) - Linux

Python is prone to a shell command injection vulnerability in the mailcap module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Python Shell Command Injection Vulnerability (bpo-24778) - Mac OS X

Python is prone to a shell command injection vulnerability in the mailcap module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE SLES12 Security Update : sssd (SUSE-SU-2022:1258-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1258-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and cache-expire...

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validatio...

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1472)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validatio...

SUSE-SU-2022:1258-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands bsc1189492. - Add LDAPS support for the AD provider bsc1183735jscSLE-17773. Non-security fixes: - Fixed a crash caused by calling dbuswatchhand...

AZL-9417 CVE-2015-20107 affecting package python3 for versions less than 3.9.13-5

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2015-20107

The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...

PSF-2022-1 mailcap shell command injection

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...