1820 matches found
[SECURITY] [DSA 5314-1] emacs security update
Debian Security Advisory DSA-5314-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 11, 2023 https://www.debian.org/security/faq ...
Fedora 36 : mingw-python3 (2022-d1682fef04)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d1682fef04 advisory. Update to python-3.10.8. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (password) Unauthenticated Command Injection
Summary The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...
CVE-2022-40282
The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is...
python: mailcap: findmatch() function does not sanitize the second argument
A command injection vulnerability was found in the Python mailcap module. The issue occurs due to not adding escape characters into the system mailcap file commands. This flaw allows attackers to inject shell commands into applications that call the mailcap.findmatch function with untrusted input...
Oracle Linux 8 : python38:3.8 / and / python38-devel:3.8 (ELSA-2022-7581)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7581 advisory. Cython 0.29.14-4 - Exclude unsupported i686 arch 0.29.14-3 - Unversioned binaries renamed 0.29.14-2 - Adjusted for Python 3.8 module in RHEL 8 - without emacs...
Oracle Linux 8 : python27:2.7 (ELSA-2022-7593)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7593 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
phpMyFAQ < 3.2.0 XSS Vulnerability
phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability.
FLIR AX8 1.46.16 Remote Command Injection Exploit
All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability...
EulerOS 2.0 SP3 : python (EulerOS-SA-2022-2632)
According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. Thi...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2022-2632)
The remote host is missing an update for the Huawei EulerOS...
CVE-2022-33873
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability (CWE-78) in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary command in the...
EulerOS Virtualization 2.9.0 : python3 (EulerOS-SA-2022-2398)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system...
[SECURITY] [DSA 5229-1] freecad security update
Debian Security Advisory DSA-5229-1 [email protected] https://www.debian.org/security/ Aron Xu September 13, 2022 https://www.debian.org/security/faq ...
A vulnerability in the firmware of the CentreCOM AR260S V2 exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.
A vulnerability in the firmware of the CentreCOM AR260S V2 router exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary shell commands on the...
DEBIAN-CVE-2021-4041
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
PYSEC-2022-253
A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
PT-2022-23777 · Flir · Flir Ax8
Name of the Vulnerable Software and Affected Versions: FLIR AX8 thermal sensor cameras version up to and including 1.46.16 Description: The issue allows for Remote Command Injection, which can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST...
CVE-2022-37061
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow th...
Pict - Post-Infection Collection Toolkit
This set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to facilitate the incident response process. This data should not be considered to be a full forensic data collection, but does capture a lot of useful forensic information. If you want true...