63 matches found
SUSE-SU-2024:1547-1 Security update for flatpak
This update for flatpak fixes the following issues: - CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization (bsc#1223110)...
SUSE-SU-2024:1535-1 Security update for flatpak
This update for flatpak fixes the following issues: - CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization (bsc#1223110)...
jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE
A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the "@" character followed by a file path in an argument with the file’s contents (expandAtFiles)...
Multiple issues involving quote API
Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. Thi...
The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in the insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary commands.
The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in insufficient verification of the arguments passed in the commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises from insufficient validation of arguments passed in commands. This allows attackers to execute arbitrary code.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, stems from insufficient validation of arguments passed in commands. This allows attackers to execute arbitrary code.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises from insufficient validation of arguments passed in commands. This allows attackers to execute arbitrary code.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the FortiIsolator browser isolation platform lies in insufficient validation of arguments passed to commands, allowing attackers to execute arbitrary operating system commands.
The vulnerability of the FortiIsolator browser isolation platform lies in insufficient checking of arguments passed to commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the operating system...
The vulnerability in the web interface of Supermicro X11 series BMC IPMI servers is related to insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary code.
The vulnerability of the web interface of the BMC IPMI server from Supermicro’s X11 series is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-39288
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploi...
CVE-2023-39287
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit...
The vulnerability of the Identity Manager software component, used for managing and controlling access to corporate resources and IBM Security Verify Governance applications, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Identity Manager software component, which is used for managing and controlling access to corporate resources and applications in IBM Security Verify Governance, stems from insufficient validation of arguments passed to the command process. Exploiting this vulnerability...
The vulnerability of the mySCADA myPRO industrial process visualization and control system lies in insufficient validation of the arguments transmitted in commands, allowing a hacker to execute arbitrary code in the operating system.
The vulnerability of the mySCADA myPRO industrial process visualization and control system is related to insufficient verification of the arguments sent in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code in the operating system...
The vulnerability of the mySCADA myPRO industrial process visualization and control system, related to insufficient verification of arguments transmitted in commands, allows a perpetrator to execute arbitrary code in the operating system.
The vulnerability of the mySCADA myPRO industrial process visualization and control system is related to insufficient verification of the arguments sent in commands. Exploiting this vulnerability allows a malicious actor to execute any code in the operating system...
The vulnerability of the mySCADA myPRO industrial process visualization and control system lies in insufficient validation of the arguments transmitted in commands, allowing a hacker to execute arbitrary code in the operating system.
The vulnerability of the mySCADA myPRO industrial process visualization and control system is related to insufficient verification of the arguments sent in commands. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the operating system...
The vulnerability in the built-in operating system Cradlepoint NetCloud (NCOS) arises from insufficient validation of arguments passed in commands, allowing a malicious actor to execute arbitrary code.
The vulnerability of the built-in operating system Cradlepoint NetCloud (NCOS) is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary code by rebooting the device and accessing the BIOS...
CVE-2021-45456
CVE-2021-45456 affects Apache Kylin 4.0.0. Multiple connected sources describe a mismatch between the legitimacy check for the project name and the shell command argument in DiagnosisService, enabling potential command injection. The issue is network-exploitable with a very high CVSS score (3.1: ...
PT-2021-4684 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: The issue is related to insufficient validation of command arguments in the Command Line Interface (CLI) of Cisco Firepower Threat Defense (FTD) Software. Th...