35 matches found
SUSE CVE-2025-54314
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...
Withdrawn Advisory: Thor can construct an unsafe shell command from library input.
Withdrawn Advisory This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references. Origina...
AZL-65631 CVE-2025-54314 affecting package rubygem-thor for versions less than 1.2.1-3
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...
AZL-65613 CVE-2025-54314 affecting package rubygem-thor 1.2.1-1
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...
PT-2025-30163
Name of the Vulnerable Software and Affected Versions Thor versions prior to 1.4.0 Description Thor versions prior to 1.4.0 can construct an unsafe shell command from library input. Recommendations Update Thor to version 1.4.0 or later...
CVE-2025-54314
Removed by vendor...
Thor can construct an unsafe shell command from library input.
Thor before 1.4.0 can construct an unsafe shell command from library input...
SUSE CVE-2015-9059
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...
SUSE CVE-2019-11627
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...
CVE-2019-11627
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...
CVE-2019-11627
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...
Remote Code Execution (RCE)
funcster is vulnerable to remote code execution RCE attacks. The application uses the unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...
Remote Code Execution (RCE)
pullit is vulnerable to remote code execution RCE attacks. The application uses the unsafe shell execution API commands, allowing a malicious user to inject and execute arbitrary code through the git checkout command...
DEBIAN-CVE-2015-9059
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...
netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 29 bytes
No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; note: unsafe shellcode, but 29 bytes long; doesn't work if eax & 0x40000000 != 0; / include sys/types.h include stdio.h include string.h char scode = \x99 // cltd...