
1764 matches found

Tenable Nessus
added 2022/09/24 12:0 a.m. (87 views)

EulerOS Virtualization 2.9.0 : python3 (EulerOS-SA-2022-2398)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system...

CVSS 8, AI score 7.5, EPSS 0.0087
Exploits 1, References 2

Debian
added 2022/09/13 9:1 p.m. (32 views)

[SECURITY] [DSA 5229-1] freecad security update

Debian Security Advisory DSA-5229-1 [email protected] https://www.debian.org/security/ Aron Xu September 13, 2022 https://www.debian.org/security/faq -...

CVSS 7.8, AI score 8.5, EPSS 0.01544
Exploits 2

OSV
added 2022/08/24 4:15 p.m. (1 view)

DEBIAN-CVE-2021-4041

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

CVSS 7.8, AI score 7.5, EPSS 0.0007
Exploits 0, References 1

PyPA
added 2022/08/24 4:15 p.m. (5 views)

PYSEC-2022-253

A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...

CVSS 7.8, AI score 8.2, EPSS 0.0007
Exploits 0, References 4, Affected Software 1

Cvelist
added 2022/08/18 12:0 a.m. (29 views)

CVE-2022-37061

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...

AI score 10, EPSS 0.93519
Exploits 9, References 7

Positive Technologies
added 2022/08/18 12:0 a.m. (1 view)

PT-2022-23777 · Flir · Flir Ax8

Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue allows for Remote Command Injection, which can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST...

CVSS 9.8, AI score 8.2, EPSS 0.93519
Exploits 11, References 15

Kitploit
added 2022/08/06 12:30 p.m. (26 views)

Pict - Post-Infection Collection Toolkit

This set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process. This data should not be considered to be a full forensic data collection, but does capture a lot of useful forensic information. If you want true...

AI score 6.9
Exploits 0, References 3

Vulnrichment
added 2022/08/01 7:15 p.m. (2 views)

CVE-2022-31180 Insufficient escaping of whitespace in shescape

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

CVSS 9.8, AI score 9.9, EPSS 0.0108
Exploits 1, References 5

Fedora
added 2022/07/30 2:0 a.m. (10 views)

[SECURITY] Fedora 36 Update: golang-github-sqshq-sampler-1.1.0-10.fc36

Tool for shell commands execution, visualization and alerting. Configured with a simple YAML file...

AI score 7.6
Exploits 0

Tenable Nessus
added 2022/07/29 12:0 a.m. (56 views)

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-2144)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. Th...

CVSS 8, AI score 7.5, EPSS 0.0087
Exploits 1, References 2

Tenable Nessus
added 2022/07/29 12:0 a.m. (33 views)

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-2169)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. Th...

CVSS 8, AI score 7.5, EPSS 0.0087
Exploits 1, References 2

Packet Storm
added 2022/07/21 12:0 a.m. (327 views)

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root

SpaceLogic.ps1 Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Root Exploit Vendor: Schneider Electric SE Product web page: https://www.se.com https://www.se.com/ww/en/product/5200WHC2/home-controller-spacelogic-cbus-cbus-ip-free-standing-24v-dc/...

AI score 0.2, EPSS 0.93795
Exploits 6

OpenVAS
added 2022/07/21 12:0 a.m. (13 views)

Fedora: Security Advisory for golang-github-sqshq-sampler (FEDORA-2022-3e1ade35db)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3, AI score 8.9, EPSS 0.00963
Exploits 4, References 2

CloudLinux
added 2022/07/20 7:58 p.m. (45 views)

Fixed CVE-2015-20170 in python

CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument allowing to inject shell commands...

AI score 2.5
Exploits 0, References 1

CNNVD
added 2022/07/18 12:0 a.m. (1 view)

Apache Spark Operating System Command Injection Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that can be exploited by an attacker to cause arbitrary shell commands to be executed as the us...

CVSS 8.8, AI score 6, EPSS 0.93513
Exploits 12, References 6

CNVD
added 2022/07/18 12:0 a.m. (14 views)

Apache Spark Command Injection Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that can be exploited by an attacker to cause arbitrary shell commands to be executed as the us...

CVSS 8.8, AI score 7.5, EPSS 0.93513
Exploits 12, References 1

Veracode
added 2022/07/15 4:59 p.m. (33 views)

Command Injection

python is vulnerable to command injection. The vulnerability exists because the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input...

CVSS 7.6, AI score 8.2, EPSS 0.0087
Exploits 1, References 52, Affected Software 8

Tenable Nessus
added 2022/07/15 12:0 a.m. (68 views)

EulerOS Virtualization 2.10.1 : python3 (EulerOS-SA-2022-2119)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system...

CVSS 8, AI score 7.5, EPSS 0.0087
Exploits 1, References 2

Positive Technologies
added 2022/07/15 12:0 a.m. (4 views)

PT-2022-20592 · Microsoft +1 · Powershell +2

Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.5.8 Description: The issue impacts users of the escape or escapeAll functions with the interpolation option set to true. If an attacker can include whitespace in their input, they can invoke shell-specific behavio...

CVSS 9.8, AI score 9.5, EPSS 0.0108
Exploits 1, References 10

Tenable Nessus
added 2022/07/14 12:0 a.m. (36 views)

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Python vulnerability (USN-5519-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5519-1 advisory. It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitra...

CVSS 8, AI score 8, EPSS 0.0087
Exploits 1, References 2