EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-1577)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This...

EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-1587)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This...

Osprey Pump Controller 操作系统命令注入漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from the presence of an operating system command injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary shell...

Osprey Pump Controller 操作系统命令注入漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...

Apache Spark < 2.4.6 RCE (CVE-2020-9480)

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2022:2248-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2248-1 advisory. - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the...

Debian: Security Advisory (DLA-114-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-113-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-2021-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-26107

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...

DEBIAN-CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

UBUNTU-CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

Design/Logic Flaw

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

Debian debian-goodies 注入漏洞

debian Debian GUN/Linux is a Linux operating system from the Debian community in the United States. The system has faster and easier memory management, open source software support, good system security, and high stability. A security vulnerability exists in debian-goodies version 0.88.1, which...

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

Command Injection

@zowe/imperative is vulnerable to Command Injection. The vulnerability exists due to the insecure usage of execSync, which allows an already-privileged local attackers to inject and execute malicious shell commands through the plugin install/update commands or through maliciously formed environme...

Imperative CLI vulnerable to Command Injection

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

Design/Logic Flaw

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...