1764 matches found
CVE-2023-34153
A vulnerability was found in ImageMagick. This issue may allow shell command injection via video:vsync or video:pixel-format options in VIDEO encoding/decoding...
Debian dla-3436 : libipa-hbac-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3436 advisory. Debian LTS Advisory DLA-3436-2 [email protected] https://www.debian.org/lts/security/...
Slackware Linux 15.0 / current texlive Vulnerability (SSA:2023-144-01)
The version of texlive installed on the remote host is prior to 2023.230322. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-144-01 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source...
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...
Debian: Security Advisory (DLA-3427-1)
The remote host is missing an update for the Debian...
Debian dla-3427 : libkpathsea-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3427 advisory. Debian LTS Advisory DLA-3427-2 [email protected]...
Design/Logic Flaw
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
CVE-2023-32700
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...
PT-2023-3439 · Unknown +2 · Imagemagick +2
Name of the Vulnerable Software and Affected Versions: ImageMagick affected versions not specified Description: A security flaw in ImageMagick causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. This issue is related to the lack...
Oracle Linux 9 : emacs (ELSA-2023-2366)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2366 advisory. 1:27.2-8 - Use a 64KB page size for pdump 1979804 1:27.2-7 - Fix ctags local command execute vulnerability 2149387 Tenable has extracted the preceding descripti...
SUSE CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
OS Command Injection
Apache Spark is vulnerable to OS command injection. The authentication filter checks if a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter may allow someone to impersonate an arbitrary user name and execute a Unix shell command...
Apache Spark Command Injection Vulnerability (CNVD-2023-71729)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that stems from the fact that if ACLs are enabled, a code path in the HttpSecurityFilter can...
CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
CVE-2023-32007
CVE-2023-32007 describes a command injection in the Apache Spark UI when ACLs are enabled via spark.acls.enable. A path in HttpSecurityFilter could allow impersonation by supplying an arbitrary username, enabling a permission check to build and execute a Unix shell command as the Spark process us...
CVE-2023-32007 Apache Spark: Shell command injection via Spark UI
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
PT-2023-20120 · Nvidia · Nvidia Dgx-1 Bmc
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-1 BMC affected versions not specified Description: The issue concerns the SPX REST API in NVIDIA DGX-1 BMC, where an attacker with the appropriate authorization level can inject arbitrary shell commands. This may lead to code...