PT-2024-29581 · Starship · Starship
Name of the Vulnerable Software and Affected Versions: Starship versions 1.0.0 through 1.19.x. Description: Starship is a cross-shell prompt that has undocumented and unpredictable shell expansion and/or quoting rules, making it easy to accidentally cause shell injection when using custom commands...
CVE-2024-3121
Parisneo/lollms version 5.9.0 is affected by CVE-2024-3121. The issue resides in create_conda_env, where unsafe use of subprocess.Popen with shell=True allows commands to be injected via env_name and python_version, enabling Remote Code Execution. The vulnerability is demonstrated by potential execution of co...
RHEL 7 : python-pygments (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager._get_nix_font_path (CVE-2015-8557). Note that Nessus has not tested for th...
GLSA-202405-13 : borgmatic: Shell Injection
The remote host is affected by the vulnerability described in GLSA-202405-13 (borgmatic: Shell Injection). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The descriptive text...
borgmatic: Shell Injection
Background: borgmatic is simple, configuration-driven backup software for servers and workstations. Description: Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact: Shell...
Ubuntu: Security Advisory (USN-6730-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Maven Shared Utils vulnerability (USN-6730-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6730-1 advisory. It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell...
USN-6730-1: Apache Maven Shared Utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...
USN-6730-1 maven-shared-utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...
CVE-2024-29443
PT-2024-3637 (ROS2) describes a vulnerability related to handling of shell command execution via the ROS_VERSION and ROS_PYTHON_VERSION environment variables. Affected software: ROS2 versions 2 through 3. Root cause: lack of proper neutralization of special elements used in operating system commands,...
CVE-2024-30726
This CVE-2024-30726 entry is rejected/not used and does not represent an active vulnerability.
CVE-2024-30712
CVE-2024-30712 entry is rejected/not used; this ID does not represent an active vulnerability.
PT-2024-23573 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 versions 2. Description: A shell injection issue was discovered in ROS2, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components...
CVE-2024-30694
CVE-2024-30694 entry is rejected/not used as explicitly stated in the Initial Description.
CVE-2024-30680
CVE-2024-30680 entry is rejected and does not represent an active vulnerability.
PT-2024-23563 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 (Robot Operating System 2) versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3. Description: A shell injection issue was discovered, allowing attackers to execute arbitrary code, escalate privileges, and obtain sensitive information due to the...
CVE-2024-30659
CVE-2024-30659 is rejected/not used; this CVE entry is not active.
PT-2024-23547 · Ros · Ros
Name of the Vulnerable Software and Affected Versions: ROS (Robot Operating System) Melodic Morenia versions ROS_VERSION 1 and ROS_PYTHON_VERSION 3. Description: The issue allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information. It is described as a Shell...
PT-2024-23589 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 (Robot Operating System 2) versions 2. Description: A shell injection issue was discovered, allowing remote attackers to potentially exploit the system. Recommendations: For ROS2 version 2, at the moment, there is no information about a new...
Important: ruby
Issue Overview: A flaw was discovered in Ruby in the way certain functions handled strings containing NULL bytes. Specifically, the built-in methods File.fnmatch and its alias File.fnmatch? did not properly handle path patterns containing the NULL byte. A remote attacker could exploit this flaw t...