1764 matches found

OpenVAS
added 2021/04/19 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2018:3926-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 7.9 | EPSS 0.00052
Exploits: 0 | References: 7
CNNVD
added 2021/04/09 12:0 a.m. | 1 view

NEC Aterm WG2600HS operating system command injection vulnerability

The NEC Aterm WG2600HS is a wireless router from Nippon Electric (NEC). Aterm WG2600HS: Version 1.5.1 contains a security vulnerability that could allow a remote attacker to execute arbitrary shell commands on the target system...

CVSS 10 | AI score 8.8 | EPSS 0.00647
Exploits: 0 | References: 4
RedHat Linux
added 2021/03/30 2:17 p.m. | 2 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

CVSS 9 | AI score 8 | EPSS 0.48947
Exploits: 8 | References: 8
OpenVAS
added 2021/03/24 12:0 a.m. | 25 views

Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2021-1682)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 5.9 | EPSS 0.6875
Exploits: 2 | References: 2
Mageia
added 2021/03/17 11:1 a.m. | 32 views

Updated ksh packages fix security vulnerability

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

CVSS 7.8 | AI score 6 | EPSS 0.00204
Exploits: 0 | References: 2
Tenable Nessus
added 2021/02/22 12:0 a.m. | 353 views

EulerOS 2.0 SP2 : ImageMagick (EulerOS-SA-2021-1305)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or...

CVSS 9.8 | AI score 7 | EPSS 0.6875
Exploits: 9 | References: 15
Tenable Nessus
added 2021/02/19 12:0 a.m. | 102 views

Amazon Linux 2 : ImageMagick (ALAS-2021-1596)

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1596 advisory. A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF fil...

CVSS 7.8 | AI score 7.2 | EPSS 0.6875
Exploits: 1 | References: 3
Tenable Nessus
added 2021/02/18 12:0 a.m. | 37 views

Amazon Linux AMI : ImageMagick (ALAS-2021-1479)

The version of ImageMagick installed on the remote host is prior to 6.9.10.68-3.23. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1479 advisory. A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF...

CVSS 7.8 | AI score 7.2 | EPSS 0.6875
Exploits: 1 | References: 3
Amazon
added 2021/02/17 12:0 a.m. | 31 views

Important: ImageMagick

Issue Overview: A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

CVSS 7.8 | AI score 8 | EPSS 0.6875
Exploits: 1
Veracode
added 2021/02/12 3:24 p.m. | 11 views

Command Injection

spritesheet-js is vulnerable to command injection. The vulnerability exists due to exec arguments not sanitized when passed to the function trimImages, which allows an attacker to inject arbitrary shell commands...

CVSS 9.8 | AI score 9.5 | EPSS 0.00613
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2021/02/05 12:0 a.m. | 27 views

EulerOS 2.0 SP9 : ksh (EulerOS-SA-2021-1247)

According to the version of the ksh package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass...

CVSS 7.8 | AI score 7.4 | EPSS 0.00204
Exploits: 0 | References: 2
OpenVAS
added 2021/02/05 12:0 a.m. | 6 views

Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2021-1247)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 7.8 | EPSS 0.00204
Exploits: 0 | References: 2
Tenable Nessus
added 2021/02/01 12:0 a.m. | 66 views

EulerOS 2.0 SP8 : ImageMagick (EulerOS-SA-2021-1147)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could...

CVSS 7.8 | AI score 7.2 | EPSS 0.6875
Exploits: 2 | References: 3
OpenVAS
added 2021/01/19 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2021-1074)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 5.9 | EPSS 0.6875
Exploits: 2 | References: 2
Tenable Nessus
added 2021/01/05 12:0 a.m. | 28 views

Oracle Linux 7 : ImageMagick (ELSA-2021-0024)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0024 advisory. 6.9.10.68-5 - Adding CTV-2020-29599 fix Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVSS 7.8 | AI score 7.2 | EPSS 0.6875
Exploits: 1 | References: 2
OpenVAS
added 2020/12/28 12:0 a.m. | 14 views

Debian: Security Advisory (DSA-4819-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.7 | EPSS 0.06539
Exploits: 1 | References: 4
Tenable Nessus
added 2020/12/28 12:0 a.m. | 36 views

Debian DSA-4819-1 : kitty - security update

Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat. (C) Tenable Network Security,...

CVSS 9.8 | AI score 8.5 | EPSS 0.06539
Exploits: 1 | References: 3
Tenable Nessus
added 2020/12/16 12:0 a.m. | 38 views

Debian DSA-4811-1 : libxstream-java - security update

It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist...

CVSS 9.3 | AI score 7.5 | EPSS 0.93171
Exploits: 7 | References: 5
RedhatCVE
added 2020/12/14 2:57 p.m. | 25 views

CVE-2020-29599

A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

CVSS 7.8 | AI score 3.1 | EPSS 0.6875
Exploits: 1 | References: 5
OSV
added 2020/12/07 8:15 p.m. | 16 views

CVE-2020-29599

ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via...

CVSS 7.8 | AI score 6.9
Exploits: 0 | References: 5