Amazon Linux AMI : sssd (ALAS-2023-1723)

The version of sssd installed on the remote host is prior to 1.16.4-21.27. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1723 advisory. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs- fetch and...

Important: sssd

Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...

CVE-2023-28854

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

CVE-2023-28854

CVE-2023-28854 affects the nophp PHP web framework (versions prior to 0.0.1). The vulnerability is a shell command injection on the httpd user. A patch was released at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa (2023-03-30). Remediation: upgrade index.php to 2023-03-30 or later. As a workaro...

CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

nophp 命令注入漏洞

nophp is paijp individual developers of a lightweight simple php-based Web framework . A command injection vulnerability exists in versions prior to nophp 0.0.1, which stems from vulnerability to shell command injection attacks by httpd users...

PT-2023-22010 · Nophp · Nophp

Name of the Vulnerable Software and Affected Versions: nophp versions prior to 0.0.1 Description: The issue affects the nophp PHP web framework, where versions prior to 0.0.1 are vulnerable to shell command injection on the httpd user. A patch was made available to address this issue...

CVE-2023-28102 Command injection in discordrb

discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...

CVE-2022-42500

In OEMOnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Input validation

In OEMOnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2022-42500

In OEMOnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

PT-2023-14130 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue is related to improper input validation in the OEM OnRequest function of sced.cpp, which could lead to shell command execution. This may result in local escalation...

Google Pixel 输入验证错误漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that stems from incorrect input validation and may execute shell commands...

CBL Mariner 2.0 Security Update: emacs (CVE-2023-27985)

The version of emacs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27985 advisory. - emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a craft...

Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-134)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-134 advisory. emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1577)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: emacs

Issue Overview: emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. CVE-2023-27985 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable...

CBL Mariner 2.0 Security Update: busybox (CVE-2021-42376)

The version of busybox installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-42376 advisory. - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted...