7633 matches found
RDoc -- command injection vulnerability
Alexandr Savca reports: RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name starts with | and ends with tags, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user...
OPENSUSE-SU-2021:0644-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Firefox was updated to 78.10.0 ESR (bsc#1184960) CVE-2021-23994: Out of bound write due to lazy initialization CVE-2021-23995: Use-after-free in Responsive Design Mode CVE-2021-23998: Secure Lock icon could have been spoofed...
Arbitrary Command Execution Vulnerability in YMBCMS 9.2
The YMBCMS website management system (also known as YMBCMS) is one of the independently researched and developed products of Hebei OuRunTianTeng YMBCMS network studio. YMBCMS combines a computer site, mobile phone site, WeChat public platform, mini program, and app in one, with shared space and data synchronization, is...
CVE-2021-29147
Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.9, and 6.7.14-HF1 contain a remote arbitrary command execution vulnerability. The CVE-2021-29147 issue has been confirmed across multiple sources (NVD, Red Hat, CNVD/CNNVD, CVE records) and Aruba has released patches addressing the vulne...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code issue vulnerability exists in Apache OFBiz versions prior to 17.12.07 that stems from insecure...
[ASA-202104-6] nimble: multiple issues
Arch Linux Security Advisory ASA-202104-6
=========================================
Severity: High
Date    : 2021-04-29
CVE-ID  : CVE-2021-21372 CVE-2021-21373 CVE-2021-21374
Package : nimble
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1842
Summary
=======
The packag...
Arbitrary Command Execution
composer/composer is vulnerable to arbitrary command execution. A missing argument delimiter allows an attacker to inject and execute arbitrary commands via VCS repository URLs or source download URLs on systems with Mercurial...
Apache OFBiz Code Issue Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a set of Java-based Web application components and tools. A code issue vulnerability exists in Apache OFBiz versions prior to 17.12.07 that stems from insecure...
Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
When a user clicked on an FTP URL containing encoded newline characters %0A and %0D, the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
CVE-2021-20711
Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2021-20709
Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker with an administrative privilege to execute arbitrary OS commands by...
RHEL 8 : firefox (RHSA-2021:1362)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1362 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Command Execution Vulnerability in Telecom Gateway Configuration Management System Backend
Founded in September 2000, China Telecom Group Corporation (China Telecom) is a large state-owned telecommunications company and a global partner of the Shanghai World Expo. A command execution vulnerability exists in the backend of the Telecom Gateway Configuration Management System. An attacker c...
Dell Technologies Dell PowerScale OneFS Operating System Command Injection Vulnerability
Dell PowerScale OneFS is an operating system from Dell Technologies, USA, that provides horizontal scaling of NAS. An operating system command injection vulnerability exists in Dell PowerScale OneFS versions 8.1.0 through 9.1.0 that allows...
Tobesoft Xplatform Command Injection Vulnerability
Xplatform is an application development platform from the Korean company Tobesoft. The platform supports form and composite component inheritance, CSS auto-setting, and multi-document interfaces. A command injection vulnerability exists in XPlatform versions prior to 9.2.2.280. The vulnerability stems from...
Arbitrary Command Execution
ffmpegdotjs is vulnerable to arbitrary command execution. Untrusted user input is passed into the trimvideo function and subsequently parsed in exec function. This allows an attacker to execute arbitrary commands on the host OS...
Mozilla Firefox < 88.0
The version of Firefox installed on the remote Windows host is prior to 88.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-16 advisory. - Mozilla developers and community members Ryan VanderMeulen, Sean Feng, Tyson Smith, Julian Seward, Christian Holler...
SUSE: Security Advisory (SUSE-SU-2019:3307-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:3308-1)
The remote host is missing an update for the...
CVE-2021-23379
CVE-2021-23379 – portkiller (npm): Portkiller is vulnerable to remote arbitrary command execution via attacker-controlled input passed to the child_process.exec function without input sanitization. Root cause: unsanitized user input in the portkiller execution path. Affected: all versions of por...