CVE-2024-30726
This CVE-2024-30726 entry is rejected/not used and does not represent an active vulnerability.
CVE-2024-29443
PT-2024-3637 (ROS2) describes a vulnerability related to handling of shell command execution via ROS VERSION and ROS PYTHON VERSION environment variables. Affected software: ROS2 versions 2 through 3. Root cause: lack of proper neutralization of special elements used in operating system commands,...
CVE-2024-30712
CVE-2024-30712 entry is rejected/not used; this ID does not represent an active vulnerability.
PT-2024-23573 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 versions 2
Description: A shell injection issue was discovered in ROS2, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components...
CVE-2024-30694
CVE-2024-30694 entry is rejected/not used as explicitly stated in the Initial Description.
CVE-2024-30680
CVE-2024-30680 entry is rejected and does not represent an active vulnerability.
CVE-2024-30659
CVE-2024-30659 is rejected/not used; this CVE entry is not active.
PT-2024-23563 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 versions ROS VERSION 2 and ROS PYTHON VERSION 3
Description: A shell injection issue was discovered, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the...
PT-2024-23547 · Ros · Ros
Name of the Vulnerable Software and Affected Versions: ROS Robot Operating System Melodic Morenia versions ROS VERSION 1 and ROS PYTHON VERSION 3
Description: The issue allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. It is described as a Shell...
PT-2024-23589 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 versions 2
Description: A shell injection issue was discovered, allowing remote attackers to potentially exploit the system.
Recommendations: For ROS2 version 2, at the moment, there is no information about a new...
Important: ruby
Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...
maven-shared-utils: Command injection via Commandline class
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...
RHCOS 4 : OpenShift Container Platform 4.9.55 (RHSA-2023:0573)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0573 advisory.
- maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
Note that Nessus has not tested for this issue but has instead...
RHCOS 4 : OpenShift Container Platform 4.10.46 (RHSA-2022:9098)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:9098 advisory.
- maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
Note that Nessus has not tested for this issue but has instead...
CVE-2023-42136
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...
Design/Logic Flaw
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...
CVE-2023-42136
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...
CVE-2023-42136
Summary (CVE-2023-42136 family): Android-based PAX PoS devices (PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and earlier) are affected by a local privilege escalation via shell injection in a binder-exposed service, allowing an attacker with shell access to execute commands as the system user. Th...
PT-2024-1563 · Pax · Paydroid
Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier
Description: The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary...
PAX Technology Android based POS Security Vulnerability
PAX Technology Android based POS is a series of Android mobile payment terminals from China-based PAX Technology. A security vulnerability exists in PAX Technology Android based POS PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and prior versions, which stems from a vulnerability that allows an attack...