Lucene search
K

35 matches found

SUSE CVE
SUSE CVE
added 2025/07/21 11:22 p.m.5 views

SUSE CVE-2025-54314

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8CVSS7.2AI score0.00155EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/07/20 3:30 a.m.7 views

Withdrawn Advisory: Thor can construct an unsafe shell command from library input.

Withdrawn Advisory This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references. Origina...

2.8CVSS6.1AI score0.00155EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2025/07/20 3:15 a.m.4 views

AZL-65631 CVE-2025-54314 affecting package rubygem-thor for versions less than 1.2.1-3

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8CVSS7.2AI score0.00155EPSS
Exploits0References1
OSV
OSV
added 2025/07/20 3:15 a.m.7 views

AZL-65613 CVE-2025-54314 affecting package rubygem-thor 1.2.1-1

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...

2.8CVSS5.7AI score0.00155EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/20 12:0 a.m.4 views

PT-2025-30163

Name of the Vulnerable Software and Affected Versions Thor versions prior to 1.4.0 Description Thor versions prior to 1.4.0 can construct an unsafe shell command from library input. Recommendations Update Thor to version 1.4.0 or later...

7.8CVSS7.2AI score0.00155EPSS
Exploits0References23
Debian CVE
Debian CVE
added 2025/07/20 12:0 a.m.4 views

CVE-2025-54314

Removed by vendor...

2.8CVSS7.4AI score0.00155EPSS
Exploits0
RubySec
RubySec
added 2025/07/20 12:0 a.m.10 views

Thor can construct an unsafe shell command from library input.

Thor before 1.4.0 can construct an unsafe shell command from library input...

2.8CVSS7.2AI score0.00155EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.4 views

SUSE CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

10CVSS9.6AI score0.0218EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.3 views

SUSE CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

9.8CVSS7.4AI score0.02755EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2019/04/30 11:29 p.m.28 views

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

10CVSS6.8AI score0.02755EPSS
Exploits1References2
OSV
OSV
added 2019/04/30 11:29 p.m.6 views

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

9.8CVSS9.6AI score
Exploits0References3
Veracode
Veracode
added 2018/06/18 10:55 a.m.11 views

Remote Code Execution (RCE)

funcster is vulnerable to remote code execution RCE attacks. The application uses the unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...

8.2AI score
Exploits0
Veracode
Veracode
added 2018/06/18 8:52 a.m.8 views

Remote Code Execution (RCE)

pullit is vulnerable to remote code execution RCE attacks. The application uses the unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...

8.2AI score
Exploits0
OSV
OSV
added 2017/05/28 12:29 a.m.1 views

DEBIAN-CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

9.8CVSS7.7AI score0.0218EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes

No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include sys/types.h include stdio.h include string.h char scode = \x99 // cltd...

7.1AI score
Exploits0
Rows per page
Query Builder