
906 matches found

NVD
added 2023/07/31 1:15 p.m. · 11 views

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...

9.8 CVSS · 9.8 AI score · 0.01224 EPSS
Exploits 1 · References 3
Prion
added 2023/07/31 1:15 p.m. · 13 views

Sql injection

A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...

7.5 CVSS · 9.7 AI score · 0.01224 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/07/31 12:0 a.m. · 13 views

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...

9.9 AI score · 0.01224 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/07/31 12:0 a.m. · 3 views

PT-2023-25350 · Supermicro · Supermicro Motherboards

Name of the Vulnerable Software and Affected Versions: Supermicro motherboards versions prior to 03.10.35 Description: A shell-injection vulnerability in email notifications on Supermicro motherboards allows remote attackers to inject and execute arbitrary commands as root on the BMC...

9.8 CVSS · 9.7 AI score · 0.01224 EPSS
Exploits 1 · References 6
CVE
added 2023/07/31 12:0 a.m. · 59 views

CVE-2023-35861

CVE-2023-35861 affects Supermicro BMC firmware on H12DST-B (and related X12/X13/H12/H13 models) where a shell-injection in SMTP/email notifications allows remote command execution as root on the BMC. Root cause: shell-injection in the notification path; impact is arbitrary commands with root priv...

9.8 CVSS · 9.6 AI score · 0.01224 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2023/07/31 12:0 a.m. · 14 views

CVE-2023-35861

A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject and execute arbitrary commands as root on the BMC...

8.1 AI score · 0.01224 EPSS
Exploits 1 · References 3
OpenVAS
added 2023/07/26 12:0 a.m. · 25 views

Debian: Security Advisory (DLA-3502-1)

The remote host is missing an update for the Debian...

9.8 CVSS · 9.6 AI score · 0.68859 EPSS
Exploits 1 · References 4
Debian
added 2023/07/25 10:13 a.m. · 16 views

[SECURITY] [DLA 3502-1] python-git security update

Debian LTS Advisory DLA-3502-1 · [email protected] · https://www.debian.org/lts/security/ · Sylvain Beucler · July 25, 2023 · https://wiki.debian.org/LTS ...

9.8 CVSS · 9 AI score · 0.68859 EPSS
Exploits 1
OSV
added 2023/07/10 4:15 p.m. · 1 views

CVE-2021-4406

An authenticated attacker is able to create alerts that trigger a stored XSS attack. POC: go to the alert manager; open the ITSM tab; add a webhook with the URL/service token value ' -h && id | tee /tmp/ttttttddddssss ' (whitespaces are tab characters); click add; click apply; create a test alert. The tes...

7.2 CVSS · 5.8 AI score · 0.00174 EPSS
Exploits 0 · References 5
OSV
added 2023/06/17 11:5 a.m. · 1 views

OESA-2023-1349 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.8 CVSS · 7.4 AI score · 0.00703 EPSS
Exploits 2 · References 3
OSV
added 2023/06/17 11:5 a.m. · 2 views

OESA-2023-1350 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

7.8 CVSS · 7.4 AI score · 0.00703 EPSS
Exploits 2 · References 3
RedHat Linux
added 2023/06/15 9:3 a.m. · 3 views

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

9.8 CVSS · 7.3 AI score · 0.00255 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/05/30 2:22 a.m. · 2 views

SUSE CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding...

7.5 CVSS · 7.6 AI score · 0.00703 EPSS
Exploits 1 · References 4
RedHat Linux
added 2023/05/17 5:53 p.m. · 2 views

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

9.8 CVSS · 7.3 AI score · 0.00255 EPSS
Exploits 0 · References 4
OSV
added 2023/04/22 3:15 a.m. · 0 views

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...

8.8 CVSS · 7.5 AI score · 0.01088 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/04/17 12:0 a.m. · 4 views

CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server

An OS Command Injection vulnerability in the gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low-privileged, network-based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...

8.8 CVSS · 9.1 AI score · 0.01294 EPSS
Exploits 0 · References 1
Cvelist
added 2023/04/17 12:0 a.m. · 13 views

CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server

An OS Command Injection vulnerability in the gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low-privileged, network-based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...

8.8 CVSS · 9.2 AI score · 0.01294 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/03/21 12:0 a.m. · 59 views

Amazon Linux 2023 : maven-shared-utils, maven-shared-utils-javadoc (ALAS2023-2023-077)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-077 advisory. org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit...

9.8 CVSS · 8.1 AI score · 0.00255 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/03/10 4:2 a.m. · 0 views

SUSE CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 CVSS · 7 AI score · 0.00083 EPSS
Exploits 0 · References 3
OSV
added 2023/03/09 6:15 a.m. · 1 views

DEBIAN-CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 CVSS · 7.3 AI score · 0.00083 EPSS
Exploits 0 · References 1