10 matches found
openSUSE: Security Advisory for libzypp (SUSE-SU-2023:0095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-22643
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...
CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...
CVE-2023-22643 libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...
CVE-2023-22643
CVE-2023-22643 affects libzypp-plugin-appdata in SUSE Linux Enterprise Server for SAP 15-SP3 and openSUSE Leap 15.4. The issue is an OS command injection vulnerability due to improper neutralization of special elements in repo configuration (REPO_ALIAS, REPO_TYPE, REPO_METADATA_PATH) that can be ...
SUSE: Security Advisory (SUSE-SU-2023:0140-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : libzypp-plugin-appdata (SUSE-SU-2023:0140-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0140-1 advisory. - CVE-2023-22643: Fixed potential shell injection related to malicious repo names bsc1206836. - Added hardening to systemd service bsc118140...
SUSE-SU-2023:0140-1 Security update for libzypp-plugin-appdata
This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names bsc1206836. - Added hardening to systemd service bsc1181400...
SUSE: Security Advisory (SUSE-SU-2023:0095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0095-1 Security update for libzypp-plugin-appdata
This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names bsc1206836...