maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

SUSE CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding...

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

CVE-2023-25507

NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...

CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server

An OS Command Injection vulnerability in gRPC Network Operations Interface gNOI server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...

CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server

An OS Command Injection vulnerability in gRPC Network Operations Interface gNOI server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4...

Amazon Linux 2023 : maven-shared-utils, maven-shared-utils-javadoc (ALAS2023-2023-077)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-077 advisory. org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit...

SUSE CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

AZL-25581 CVE-2023-27985 affecting package emacs for versions less than 28.2-4

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

DEBIAN-CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

UBUNTU-CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

Debian: Security Advisory (DLA-745-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-369-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-20680 · Mailcow +3 · Mailcow +3

Name of the Vulnerable Software and Affected Versions: mailcow versions prior to the 2023-03 Update Description: The Sync Job feature in mailcow, a dockerized email package, suffers from a shell command injection. This allows a malicious user to obtain shell access to the Docker container running...

SUSE CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

SUSE CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

SUSE CVE-2017-15108

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...

SUSE CVE-2017-1000116

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...

SUSE CVE-2018-10932

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal...

SUSE CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...