934 matches found
CVE-2022-29599
CVE-2022-29599 affects the Maven project’s shared utilities: maven-shared-utils, prior to version 3.3.3. The issue lies in the Commandline class, which can emit double-quoted strings without proper escaping, enabling shell injection attacks. The vulnerability is reported with high severities (CVS...
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
GHSA-3QMG-C9VC-R47J Mercurial is vulnerable to shell injection attack
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
Mercurial is vulnerable to shell injection attack
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
Akeneo PIM vulnerable to shell injection in the mass edition
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
GHSA-Q8CR-XPHM-7GFV Akeneo PIM vulnerable to shell injection in the mass edition
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
AZL-9649 CVE-2022-1292 affecting package openssl for versions less than 1.1.1k-15
The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...
maven-shared-utils: Command injection via Commandline class
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...
maven-shared-utils: Command injection via Commandline class
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...
PT-2022-7347 · Apache +8 · Apache Maven Maven-Shared-Utils +8
Name of the Vulnerable Software and Affected Versions: Apache Maven maven-shared-utils versions prior to 3.3.3 Description: The issue is related to the Commandline class in Apache Maven maven-shared-utils, which can emit double-quoted strings without proper escaping. This allows for shell injecti...
ALPINE-CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
DEBIAN-CVE-2022-27811
GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...
shescape Information Disclosure Vulnerability
shescape is an open source package of simple shell escaping programs for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. shescape versions 1.4.0 through 1.5.1 are vulnerable to an information disclosure vulnerability that stems from using the escap...
ruby: Code injection via command argument of Shell#test / Shell#[]
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
Design/Logic Flaw
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...
CVE-2022-22945
VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root...