Lucene search
K

6 matches found

Snyk
Snyk
added 2025/12/02 6:26 a.m.4 views

Command Injection

Overview agentc is a The front-facing package for the Couchbase Agent Catalog project. Affected versions of this package are vulnerable to Command Injection due to unsafe use of subprocess.run when invoking the default system editor during the agentc add operation. The application directly execut...

9.8CVSS8.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/06/27 7:19 p.m.5 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

7.8CVSS7.2AI score0.0556EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/06/27 7:2 p.m.4 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

9.3CVSS7.2AI score0.0556EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/23 5:37 p.m.4 views

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

7.8CVSS7.2AI score0.0556EPSS
Exploits0References4
OSV
OSV
added 2018/04/06 1:29 p.m.1 views

DEBIAN-CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

7.8CVSS7.9AI score0.0556EPSS
Exploits0References1
OSV
OSV
added 2017/12/11 6:29 a.m.4 views

DEBIAN-CVE-2017-17523

lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...

8.8CVSS8.3AI score0.02109EPSS
Exploits0References1
Rows per page
Query Builder