
9 matches found

Snyk
added 2026/03/31 11:28 p.m. · 4 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the process that renders the Gallery or Kanban view when a malicious URL is stored in the mAsset field and used as a cover image. An attacker can execute arbitrary operating system commands under the victim's...

CVSS 9.3 · AI score 6.2 · EPSS 0.00023
Exploits: 1 · References: 3
Positive Technologies
added 2024/10/15 12:00 a.m. · 2 views

PT-2024-33341 · Mbed Tls · Mbed Tls

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 3.5.x through 3.6.x before 3.6.2 Description: The issue is related to a buffer underrun in the pkwrite function when writing an opaque key pair. Recommendations: For Mbed TLS versions 3.5.x through 3.6.x before 3.6.2, update...

CVSS 9.8 · AI score 7 · EPSS 0.00996
Exploits: 0 · References: 14
OSV
added 2023/12/22 11:06 a.m. · 1 views

OESA-2023-1939 fish security update

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...

CVSS 6.6 · AI score 6.6 · EPSS 0.00088
Exploits: 1 · References: 2
OSV
added 2023/12/05 12:15 a.m. · 0 views

DEBIAN-CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

CVSS 6.6 · AI score 6.5 · EPSS 0.00088
Exploits: 1 · References: 1
OSV
added 2023/12/05 12:15 a.m. · 2 views

AZL-32081 CVE-2023-49284 affecting package fish for versions less than 3.6.2-1

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

CVSS 6.6 · AI score 5.8 · EPSS 0.00088
Exploits: 1 · References: 1
Vulnrichment
added 2023/01/09 1:54 p.m. · 5 views

CVE-2023-22472 Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

CVSS 5.3 · AI score 7.2 · EPSS 0.00104
Exploits: 0 · References: 2
Positive Technologies
added 2023/01/09 12:00 a.m. · 2 views

PT-2023-18524 · Nextcloud · Nextcloud Desktop Client

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, allowing an attacker to make a user send any POST request with an arbitrary body if they click o...

CVSS 8.8 · AI score 8.6 · EPSS 0.00104
Exploits: 0 · References: 7
Snyk
added 2020/01/08 11:03 a.m. · 0 views

Command Injection

Overview: codecov is an npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-args argument is executed by the exec function within lib/codecov.js. PoC by JHU System Security Lab var root =...

CVSS 8.8 · AI score 7 · EPSS 0.01225
Exploits: 1 · References: 2
Positive Technologies
added 2019/12/19 12:00 a.m. · 2 views

PT-2019-15816 · Red Hat · Ansible Tower

Name of the Vulnerable Software and Affected Versions: Ansible Tower versions 3.6.x before 3.6.2 Description: A flaw was found in Ansible Tower where files in '/var/backup/tower' are left world-readable. These files include both the SECRET KEY and the database backup. Any user with access to the...

CVSS 5.9 · AI score 5.7 · EPSS 0.00043
Exploits: 0 · References: 3