33 matches found
SUSE CVE-2025-61141
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
GO-2025-4088 sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls
sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls...
CVE-2025-61141
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
EUVD-2025-37196
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...
sqls-server/sqls is vulnerable to command injection in the config command
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...
CVE-2025-61141
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
CVE-2025-61141
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands...
CVE-2025-61141
The CVE-2025-61141 entry concerns sqls-server/sqls version 0.2.28, which is vulnerable to command injection in the config command. The root cause is that openEditor passes the EDITOR environment variable and the config file path to sh -c without sanitization, enabling an attacker to execute arbit...
PT-2025-44455
Name of the Vulnerable Software and Affected Versions sqls-server/sqls version 0.2.28 Description sqls-server/sqls version 0.2.28 contains a command injection issue in the config command. The openEditor function passes the EDITOR environment variable and the config file path to sh -c without prop...
Malicious code in config-command-apex-phoebe (npm)
The package config-command-apex-phoebe was found to contain malicious code...
MAL-2025-17473 Malicious code in config-command-apex-phoebe (npm)
The package config-command-apex-phoebe was found to contain malicious code...
CVE-2024-45307 SudoBot missing authorization check in `-config` command
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the -config command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is...
CVE-2024-45307 SudoBot missing authorization check in `-config` command
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the -config command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is...
SudoBot 安全漏洞
SudoBot is an open source Discord audit bot from OneSoftNet. A security vulnerability exists in versions of SudoBot prior to 9.26.7 that stems from improper privilege control of the -config command, which could allow an unauthorized user to update any of the robot's configurations and gain contro...
Fedora 39 : composer (2024-bb55f8476a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb55f8476a advisory. Version 2.7.7 2024-06-10 Security: Fixed command injection via malicious git branch name GHSA-47f6-5gq3-vx9c / CVE-2024-35241 Security: Fixed multip...
GHSA-PXMR-Q2X3-9X9M Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Summary The Home Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However, the API also exposes testconfigcmd, reloadcmd and restartcmd. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sendi...
Fedora 27 : fedpkg / rpkg (2017-9cac2b8b4a)
Update - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg rpkg - Ignore TestModulesCli if openidc-client is unavailable cqi - Port mbs-build to rpkg mprahl - Add .vscode to .gitignore mprahl - Fix TestPatch.testrediff in order to run with old version of mock cqi - Allow t...
Scientific Linux Security Update : ntp on SL7.x x86_64 (20161103)
Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...