78 matches found
CVE-2022-36064 Shescape Inefficient Regular Expression Complexity vulnerability
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...
Ericsson Evolved Packet Gateway security vulnerability
Ericsson Evolved Packet Gateway is a multifunctional gateway for mobile communications from Ericsson, Sweden. A security vulnerability exists in Ericsson Evolved Packet Gateway that stems from a lack of input validation. The vulnerability can be exploited to bypass the system CLI and execute...
OS Command Injection
Apache Spark is vulnerable to OS command injection. The vulnerability exists because it is possible to impersonate using an arbitrary user name if ACL is enabled, allowing an attacker to provide malicious input to build and execute a Unix shell command arbitrarily...
CVE-2022-33891 Apache Spark shell command injection vulnerability via Spark UI
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to...
Zi - A Swiss Army Knife for Zsh - Unix Shell
A Swiss Army Knife for Zsh - Unix Shell. Roadmap See the open issues for a list of proposed features and known issues. Top Feature Requests Add your votes using the reaction Top issues Add your votes using the reaction Newest issues Contributing First off, thanks for taking the time to...
Old Gatekeeper bypass vulnerability in macOS exploited
THREAT LEVEL: Amber. A gatekeeper bypass vulnerability exists in macOS Big Sur and has been assigned CVE-2021-30853. An attacker can exploit this issue by using a specially-crafted script-based application downloaded from the Internet. This allow...
Important: Red Hat Security Advisory: ksh security update
An update for ksh is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: ksh security update
An update for ksh is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Important: Red Hat Security Advisory: ksh security update
An update for ksh is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact o...
CVE-2019-17514
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...
Oracle Linux 7 : ksh (ELSA-2020-0568)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-0568 advisory. 20120801-140.0.1 - disable ASTnospawnveg for taskset workaround orabug 26754277 Red Hat Bug: 1295563 20120801-140 - Do not evaluate arithmetic expressions from...
EulerOS 2.0 SP8 : python2 (EulerOS-SA-2020-1024)
According to the version of the python2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as...
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2020-1025)
According to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as...
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp...
Design/Logic Flaw
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that...
CVE-2019-17514
CVE-2019-17514 concerns the Python documentation (library/glob.html) prior to 2016, which could mislead about sorting in glob.glob. It is not a Python implementation bug, and there are no reports of affected security-relevant code in Python itself. The provided sources note a workaround in newer ...
Roku TV, Sonos Speaker Devices Open to Takeover
The DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week is about to get a patch — but the same type of flaws have come to light for other top-name consumer Internet of Things devices, from Roku and Sonos. Fortunately, Roku has already started deploying its update,...