CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...

PT-2023-28682 · Dell · Dell Smartfabric Storage

Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions 1.4 and earlier Description: The issue is related to an improper access control vulnerability in the Command Line Interface CLI of the software. A local, possibly unauthenticated attacker could explo...

Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution

Overview Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. Description Freewill Solutions IFIS new...

HCL Technologies BigFix Mobile 命令注入漏洞

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...

Oracle Linux 8 / 9 : texlive (ELSA-2023-3661)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3661 advisory. 9:20200406-26 - Resolves: 2209872, CVE-2023-32700 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...

CVE-2023-26210

Multiple improper neutralization of special elements used in an os command 'OS Command Injection' vulnerabilties CWE-78 vulnerability in Fortinet allows a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests...

CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

CVE-2023-34343

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

FortiADC & FortiADC Manager - Command injection vulnerabilities in cli commands

Multiple improper neutralization of special elements used in an os command 'OS Command Injection' vulnerabilties CWE-78 in FortiADC & FortiADC Manager may allow a local authenticated attacker to execute arbitrary shell code as root user via crafted CLI requests...

PT-2023-12820 · Percona +1 · Percona Xtrabackup +1

Name of the Vulnerable Software and Affected Versions: Percona XtraBackup versions 2.2.0 through 2.2.24 Percona XtraBackup versions 3.0.0 through 8.0.27-19 Description: A crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...

Fedora 37 : texlive-base (2023-d261122726)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d261122726 advisory. Fix CVE-2023-32700 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

SUSE SLES15 / openSUSE 15 Security Update : texlive (SUSE-SU-2023:2285-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2285-1 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted sourc...

Debian: Security Advisory (DLA-3427-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-3427 : libkpathsea-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3427 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3427-2 [email protected]...

Debian DSA-5406-1 : texlive-bin - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5406 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets t...

CVE-2023-32007

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

CVE-2023-32007

CVE-2023-32007 describes a command injection in the Apache Spark UI when ACLs are enabled via spark.acls.enable. A path in HttpSecurityFilter could allow impersonation by supplying an arbitrary username, enabling a permission check to build and execute a Unix shell command as the Spark process us...

Osprey Pump Controller 操作系统命令注入漏洞

Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...