CVE-2022-3086

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to a shell-escape command-injection that allows local attackers with non-superuser credentials to gain full shell access and potentially execute arbitrary code. Affected product: Cradlepoint IBR600 NCOS (NETCLOUD OS) up to 6....

Cradlepoint IBR600

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Cradlepoint Equipment: IBR600 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code and native system commands. 3. TECHNICAL DETAILS 3.1...

Oracle Linux 7 : pcs (ELSA-2022-7343)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7343 advisory. 0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery i...

RHEL 7 : pcs (RHSA-2022:7343)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7343 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: crafted...

rubygem-rack: crafted requests can cause shell escape sequences

A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's Lint middleware and CommonLogger middleware. This issue can leverage these escape sequences to execute commands in the victim's...

Important: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVE-2022-20855

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...

CVE-2022-36064

CVE-2022-36064 (Shescape) affects the JavaScript package Shescape. The vulnerability is an inefficient Regular Expression Complexity (ReDoS) in two RegExes used when escaping arguments for Unix shells (notably Bash/Dash) or when using escape/escapeAll with interpolation enabled. An attacker can c...

Debian: Security Advisory (DLA-3095-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3095-1] ruby-rack security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3095-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta September 04, 2022 https://wiki.debian.org/LTS -...

Code injection

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...

CVE-2022-31180 Insufficient escaping of whitespace in shescape

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

CVE-2022-31180

Shescape (a JavaScript shell-escape package) has an input-escaping vulnerability affecting the escape/escapeAll functions when interpolation is true. The issue allows shell-specific behavior or arbitrary commands via whitespace-containing input, with four attack patterns described (spaces, line e...

CVE-2016-4991

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

CVE-2016-4991

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

SUSE-SU-2022:2526-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS bsc1200748 - CVE-2022-30123: Fixed crafted requests can cause shell escape sequences bsc1200750 The following non-security bug was fixed: - Fixed a regression in...

Mageia: Security Advisory (MGASA-2022-0252)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2022-0252 Updated ruby-rack packages fix security vulnerability

Crafted multipart POST request may cause a DoS CVE-2022-30122 Crafted requests can cause shell escape sequences CVE-2022-30123...

Updated ruby-rack packages fix security vulnerability

Crafted multipart POST request may cause a DoS CVE-2022-30122 Crafted requests can cause shell escape sequences CVE-2022-30123...

OESA-2022-1729 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...