CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

CVE-2020-12149 OS Command Injection - Management File Upload

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

Virtuozzo 7 : patch (VZLSA-2019-2964)

An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

SUSE SLED15 / SLES15 Security Update : cifs-utils (SUSE-SU-2020:2729-1)

This update for cifs-utils fixes the following issues : CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. Fixed an invalid free in mount.cifs; bsc1152930. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

SUSE SLES12 Security Update : cifs-utils (SUSE-SU-2020:2728-1)

This update for cifs-utils fixes the following issues : CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

Remote code execution in dependabot-core branch names when cloning

Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make a HTTP request to...

GHSA-23F7-99JX-M54R Remote code execution in dependabot-core branch names when cloning

Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make a HTTP request to...

Remote code execution in dependabot-core branch names when cloning

Impact Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make a HTTP request to...

Fedora 33 : cifs-utils (2020-ea0b9caac3)

New upstream release : - fixes CVE-2020-14342 cifs-utils: shell command injection in mount.cifs - adds smb2-quota tool - adds mount.smb3 as a symlink to mount.cifs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

Fedora 32 : cifs-utils (2020-cfdd73f1b4)

New upstream release : - fixes CVE-2020-14342 cifs-utils: shell command injection in mount.cifs - adds smb2-quota tool - adds mount.smb3 as a symlink to mount.cifs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

Markdown-supplied Shell Command Execution

Impact lookatme versions prior to 2.3.0 automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. Patches Users should upgrade to lookatme versions 2.3.0 or...

GHSA-C84H-W6CR-5V8Q Markdown-supplied Shell Command Execution

Impact lookatme versions prior to 2.3.0 automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. Patches Users should upgrade to lookatme versions 2.3.0 or...

lookatme OS Command Injection Vulnerability

lookatme is a terminal-based, interactive pypi codebase for markdown presentations for individual developers. An operating system command injection vulnerability exists in lookatme python/pypi package versions prior to 2.3.0, which can be exploited by an attacker to automatically run malicious...

CVE-2020-15272

In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUBREF environment variable. The problem has been patched in version 1.0.1. If yo...

CVE-2020-15271 Shell Command Execution in lookatme

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

CVE-2020-15271

In lookatme (Python/pypi) versions prior to 2.3.0, the package automatically loaded the built-in terminal and file_loader extensions. Rendering untrusted Markdown could cause malicious shell commands to run on the user’s system. This is fixed in version 2.3.0. As a workaround, the files lookatme/...

openSUSE Security Update : cifs-utils (openSUSE-2020-1579)

This update for cifs-utils fixes the following issues : - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. - Fixed an invalid free in mount.cifs; bsc1152930. This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security,...

CVE-2020-14293

confdatetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field obtained from the web interface...

openSUSE: Security Advisory for cifs-utils (openSUSE-SU-2020:1579-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for cifs-utils (moderate)

openSUSE Security Update: Security update for cifs-utils Announcement ID: openSUSE-SU-2020:1579-1 Rating: moderate References: 1152930 1174477 Cross-References: CVE-2020-14342 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...