maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

PT-2022-7347 · Apache +8 · Apache Maven Maven-Shared-Utils +8

Name of the Vulnerable Software and Affected Versions: Apache Maven maven-shared-utils versions prior to 3.3.3 Description: The issue is related to the Commandline class in Apache Maven maven-shared-utils, which can emit double-quoted strings without proper escaping. This allows for shell injecti...

ALPINE-CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

DEBIAN-CVE-2022-27811

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...

shescape Information Disclosure Vulnerability

shescape is an open source package of simple shell escaping programs for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. shescape versions 1.4.0 through 1.5.1 are vulnerable to an information disclosure vulnerability that stems from using the escap...

ruby: Code injection via command argument of Shell#test / Shell#[]

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...

CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...

CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...

Design/Logic Flaw

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...

CVE-2022-22945

CVE-2022-22945 affects VMware NSX Data Center for vSphere (NSX-V) in the NSX Edge appliance. A CLI shell injection exists that allows a user with SSH access to an NSX-Edge appliance to execute arbitrary commands as root on the underlying OS (local privilege escalation). Reported cause: improper i...

CVE-2022-22945

VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...

VMSA-2022-0005:VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability

Advisory ID: VMSA-2022-0005.2 CVSSv3 Range: 8.8 Issue Date:2022-02-15 Updated On: 2022-04-07 CVEs: CVE-2022-22945 Synopsis: VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability CVE-2022-22945 RSS Feed Download PDF Download Text File Share this page on social media...

Mageia: Security Advisory (MGASA-2019-0386)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2020-0329)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2020-0376)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2017-0331)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

Debian DSA-5011-1 : salt - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5011 advisory. - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allo...