16 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-1000487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. CVE-2017-1000487 Note...
RHEL 7 : opendaylight (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - plexus-utils: Mishandled strings in Commandline class allow for command injection CVE-2017-1000487 Note that Nessus...
Security Bulletin: Publicly disclosed vulnerabilities in Plexus-utils affect IBM Netezza Analytics
Summary Plexus-utils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2017-1000487 DESCRIPTION: Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of...
ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +9775 more potentially affected by CVE-2017-1000487 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.15)
org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =1.0.0, =1.0.0, =1.0.0, =2.1.9, =2.1.9, =2.4.13 - au.com.turingg:turingg-files =0.0.1 and more Source cves: CVE-2017-1000487 Source advisory: OSV:GHSA-8VHQ-QQ4P-GRQ3...
Code Injection and Directory Traversal in plexus-utils
This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via CVE-2017-1000487 - command injection sonatype-2016-0398 - directory traversal sonatype-2015-0173 - XML Injection The affected versions are before version 7.2.2, and before...
JFrog < 7.11.1 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.11.1. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This...
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Plexus-utils (CVE-2017-1000487)
Summary Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending contents with double quoted strings, an attacker could exploit this vulnerability to execute arbitrary commands on the system...
Debian DSA-4149-1 : plexus-utils2 - security update
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. C Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-4146-1 : plexus-utils - security update
Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 4146-1] plexus-utils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DLA 1237-1] plexus-utils2 security update
Package : plexus-utils2 Version : 2.0.5-1+deb7u1 CVE ID : CVE-2017-1000487 Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils (component: Plexus-utils library) is vulnerable prior to version 3.0.16 due to improper handling of contents inside double-quoted strings, enabling potential command injection. Affected product references indicate compatibility and remediation paths, with fixes available in 3.0.16 or...