935 matches found

SUSE CVE
added 2023/02/15 4:10 a.m., 1 view

SUSE CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVSS: 7.3, AI score: 8.2, EPSS: 0.0453
Exploits: 0, References: 5
SUSE CVE
added 2023/02/15 3:55 a.m., 2 views

SUSE CVE-2020-16846

An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...

CVSS: 9.8, AI score: 9.6, EPSS: 0.99585
Exploits: 5, References: 24
SUSE CVE
added 2023/02/15 3:51 a.m., 2 views

SUSE CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

CVSS: 8.4, AI score: 8.3, EPSS: 0.00675
Exploits: 1, References: 26
SUSE CVE
added 2023/02/15 3:49 a.m., 2 views

SUSE CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

CVSS: 9.8, AI score: 9.5, EPSS: 0.72327
Exploits: 0, References: 32
SUSE CVE
added 2023/02/15 3:49 a.m., 3 views

SUSE CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

CVSS: 7.2, AI score: 6.6, EPSS: 0.0046
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 3:26 a.m., 3 views

SUSE CVE-2022-29599

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...

CVSS: 9.8, AI score: 9, EPSS: 0.04031
Exploits: 0, References: 7
RedHat Linux
added 2023/02/09 12:49 p.m., 2 views

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

CVSS: 9.8, AI score: 7.3, EPSS: 0.04031
Exploits: 0, References: 4
Vulnrichment
added 2023/02/07 12:0 a.m., 6 views

CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

CVSS: 6.3, AI score: 7.6, EPSS: 0.02447
Exploits: 1, References: 1
Cvelist
added 2023/02/07 12:0 a.m., 28 views

CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...

CVSS: 6.3, AI score: 8, EPSS: 0.02447
Exploits: 1, References: 1
The Hacker News
added 2023/02/01 7:59 p.m., 123 views

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure. The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version...

AI score: 1.9, EPSS: 0.89855
Exploits: 31
OSV
added 2023/01/25 1:46 p.m., 5 views

SUSE-SU-2023:0140-1 Security update for libzypp-plugin-appdata

This update for libzypp-plugin-appdata fixes the following issues:
- CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836).
- Added hardening to systemd service (bsc#1181400)...

CVSS: 7.8, AI score: 7.7, EPSS: 0.02447
Exploits: 1, References: 4
OpenVAS
added 2023/01/18 12:0 a.m., 18 views

SUSE: Security Advisory (SUSE-SU-2023:0095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 7.8, AI score: 7.8, EPSS: 0.02447
Exploits: 1, References: 2
OSV
added 2023/01/17 11:59 a.m., 5 views

SUSE-SU-2023:0095-1 Security update for libzypp-plugin-appdata

This update for libzypp-plugin-appdata fixes the following issues:
- CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836)...

CVSS: 7.8, AI score: 7.7, EPSS: 0.02447
Exploits: 1, References: 3
RedHat Linux
added 2023/01/04 5:1 p.m., 1 view

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

CVSS: 9.8, AI score: 7.3, EPSS: 0.04031
Exploits: 0, References: 4
Tenable Nessus
added 2022/12/10 12:0 a.m., 24 views

Amazon Linux 2022 : maven-shared-utils (ALAS2022-2022-242)

The version of maven-shared-utils installed on the remote host is prior to 3.3.4-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-242 advisory. - In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings...

CVSS: 9.8, AI score: 8.1, EPSS: 0.04031
Exploits: 0, References: 3
OSV
added 2022/10/31 8:31 a.m., 4 views

OPENSUSE-SU-2022:10179-1 Security update for jhead

This update for jhead fixes the following issues:
- CVE-2022-41751: Fixed shell injection via filenames (boo#1204409)...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00444
Exploits: 1, References: 3
OSV
added 2022/10/31 8:31 a.m., 4 views

OPENSUSE-SU-2022:10178-1 Security update for jhead

This update for jhead fixes the following issues:
- CVE-2022-41751: Fixed shell injection via filenames (boo#1204409)...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00444
Exploits: 1, References: 3
OPENSUSE Linux
added 2022/10/31 12:0 a.m., 24 views

Security update for jhead (important)

openSUSE Security Update: Security update for jhead
Announcement ID: openSUSE-SU-2022:10179-1
Rating: important
References: 1204409
Cross-References: CVE-2022-41751
CVSS scores: CVE-2022-41751 (NVD): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products: openSUSE Backports SLE-15-SP4 ...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00444
Exploits: 1, References: 1
OPENSUSE Linux
added 2022/10/31 12:0 a.m., 32 views

Security update for jhead (important)

openSUSE Security Update: Security update for jhead
Announcement ID: openSUSE-SU-2022:10178-1
Rating: important
References: 1204409
Cross-References: CVE-2022-41751
CVSS scores: CVE-2022-41751 (NVD): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products: openSUSE Backports SLE-15-SP3 ...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00444
Exploits: 1, References: 1
OpenVAS
added 2022/09/29 12:0 a.m., 14 views

Debian: Security Advisory (DSA-5242-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 9.8, AI score: 9.6, EPSS: 0.04031
Exploits: 0, References: 4