906 matches found
Debian: Security Advisory (DLA-3086-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DLA 3086-1] maven-shared-utils security update
Debian LTS Advisory DLA-3086-1. https://www.debian.org/lts/security/ Markus Koschany, August 29, 2022. https://wiki.debian.org/LTS Package: maven-shared-utils; Version: 3.3.0-1+deb10u1; CVE ID: CVE-2022-29599; Debian Bug: 1012314. It was discovered that the Commandline...
CVE-2022-25168
Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...
CLSA-2022-1658347647 Fixed CVE-2015-20170 in python3
CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument, allowing injection of shell commands...
CLSA-2022-1658347112 Fixed CVE-2015-20170 in python
CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument, allowing injection of shell commands...
CLSA-2022-1658346878 Fixed CVE-2015-20170 in python
CVE-2015-20170: mailcap: findmatch function does not sanitise the second argument, allowing injection of shell commands...
Verizon 5G Home LVSKIHP OS Command Injection Vulnerability
The Verizon 5G Home LVSKIHP is an all-in-one integrated modem and router from Verizon USA. It provides access to Verizon Wireless 5G wireless home Internet service. A security vulnerability exists in Verizon 5G Home LVSKIHP OutDoorUnit ODU version 3.33.101.0, which stems from a lack of property...
PYSEC-2022-238
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
Debian: Security Advisory (DLA-3059-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3059-1] maven-shared-utils security update
Debian LTS Advisory DLA-3059-1. https://www.debian.org/lts/security/ Markus Koschany, June 26, 2022. https://wiki.debian.org/LTS Package: maven-shared-utils; Version: 3.0.0-1+deb9u1; CVE...
Debian DLA-3059-1 : maven-shared-utils - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3059 advisory. It was discovered that the Commandline class in maven-shared-utils, a collection of various utility classes for the Maven build system, can emit double-quoted strings witho...
DEBIAN-CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
AZL-9967 CVE-2022-2068 affecting package openssl for versions less than 1.1.1k-17
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
ALPINE-CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
AlmaLinux 8 : maven:3.6 (ALSA-2022:4797)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4797 advisory. maven-shared-utils: Command injection via Commandline class CVE-2022-29599 Tenable has extracted the preceding description block directly from the AlmaLinux securi...
AlmaLinux 8 : maven:3.5 (ALSA-2022:4798)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:4798 advisory. maven-shared-utils: Command injection via Commandline class CVE-2022-29599 Tenable has extracted the preceding description block directly from the AlmaLinux securi...
Oracle Linux 8 : maven:3.5 (ELSA-2022-4798)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4798 advisory. maven-shared-utils 3.2.1-0.2 - Fix commandline injection vulnerability - Resolves: CVE-2022-29599 Tenable has extracted the preceding description block directly...
Oracle Linux 8 : maven:3.6 (ELSA-2022-4797)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-4797 advisory. maven-shared-utils 3.2.1-0.4 - Build with OpenJDK 8 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
maven-shared-utils: Command injection via Commandline class
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...
OESA-2022-1684 maven-shared-utils security update
This package can be the functional replacement of plexus-utils in Maven. At the same time, the package has many highlights, such as: a lot of methods got cleaned up, generics got added and a lot of unused code dropped. Security Fixes: In Apache Maven maven-shared-utils prior to version 3.3.3, th...