
2659 matches found

NVD
added 2023/08/30 6:15 p.m. · 9 views

CVE-2023-40582

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8 CVSS · 9.8 AI score · 0.05116 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/08/30 5:39 p.m. · 12 views

CVE-2023-40582 Command Injection Vulnerability in find-exec

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8 CVSS · 7.3 AI score · 0.05116 EPSS
Exploits 0 · References 2
Cvelist
added 2023/08/30 5:39 p.m. · 8 views

CVE-2023-40582 Command Injection Vulnerability in find-exec

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8 CVSS · 10 AI score · 0.05116 EPSS
Exploits 0 · References 2
CVE
added 2023/08/30 5:39 p.m. · 118 views

CVE-2023-40582

The CVE pertains to the find-exec utility, where earlier versions (prior to 1.0.3) fail to properly escape user input, enabling Command Injection via attacker-controlled parameters. This could allow an attacker to run arbitrary shell commands with the privileges of the running process. The issue ...

9.8 CVSS · 9.8 AI score · 0.05116 EPSS
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2023/08/30 12:0 a.m. · 1 views

find-exec OS Command Injection Vulnerability

find-exec is a utility by individual developer shime that takes a list of shell commands and returns the first available command. An operating system command injection vulnerability exists in find-exec versions prior to 1.0.3, which stems from the failure to properly escape user input and the ease with whic...

9.8 CVSS · 8.5 AI score · 0.05116 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/08/30 12:0 a.m. · 1 views

PT-2023-27519

Name of the Vulnerable Software and Affected Versions: find-exec versions prior to 1.0.3 Description: The issue is related to Command Injection, where attackers may run malicious shell commands in the context of the running process due to improper escaping of user input. This can be achieved via an...

9.8 CVSS · 7.3 AI score · 0.05116 EPSS
Exploits 0 · References 13
Veracode
added 2023/08/17 4:10 a.m. · 27 views

Arbitrary Code Execution

llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec function...

9.8 CVSS · 7.3 AI score · 0.03852 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2023/08/15 6:31 p.m. · 0 views

GHSA-2XXC-73FV-36F7 llama-index vulnerable to arbitrary code execution

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8 CVSS · 6.2 AI score · 0.03852 EPSS
Exploits 1 · References 6
ATTACKERKB
added 2023/08/15 5:15 p.m. · 1 views

CVE-2023-39662

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8 CVSS · 6.2 AI score · 0.03852 EPSS
Exploits 1 · References 2
PyPA
added 2023/08/15 5:15 p.m. · 5 views

PYSEC-2023-148

An issue in llamaindex v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function...

9.8 CVSS · 8.1 AI score · 0.03852 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/08/15 12:0 a.m. · 3 views

PT-2023-27061

Name of the Vulnerable Software and Affected Versions: llama index versions 0.7.13 and earlier Description: An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...

9.8 CVSS · 6 AI score · 0.03852 EPSS
Exploits 1 · References 13
Zero Day Initiative
added 2023/08/09 12:0 a.m. · 8 views

Western Digital MyCloud PR4100 Logger Class Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the Logger class. The issue results from the lack of...

8 CVSS · 7.3 AI score
Exploits 0
Vulnrichment
added 2023/08/08 5:8 p.m. · 21 views

CVE-2023-36898 Tablet Windows User Interface Application Core Remote Code Execution Vulnerability

...

7.8 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits 0 · References 1
CVE
added 2023/08/08 9:20 a.m. · 50 views

CVE-2023-38524

CVE-2023-38524 affects Siemens Parasolid and Teamcenter Visualization. A null pointer dereference occurs while parsing specially crafted X_T files, enabling potential code execution in the affected process. Affected versions: Parasolid V34.1 (prior to 34.1.258), V35.0 (prior to 35.0.254), V35.1 (...

7.8 CVSS · 7.5 AI score · 0.00064 EPSS
Exploits 0 · References 2 · Affected Software 2
RedHat Linux
added 2023/08/08 7:58 a.m. · 2 views

kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8 CVSS · 6.7 AI score · 0.00016 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/08/07 12:0 a.m. · 4 views

PT-2024-12816 · Mariadb Foundation +1 · Mariadb +1

Name of the Vulnerable Software and Affected Versions: MariaDB version 10.5 Description: Insecure permissions in the sys exec function of MariaDB allow authenticated attackers to execute arbitrary commands with elevated privileges. This issue is disputed by the MariaDB Foundation because no...

5.7 CVSS · 6.2 AI score · 0.00794 EPSS
Exploits 1 · References 27
Github Security Blog
added 2023/08/05 3:30 a.m. · 49 views

langchain Code Injection vulnerability

An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain, from_math_prompt(llm).run in the python exec method...

9.8 CVSS · 7.8 AI score · 0.03155 EPSS
Exploits 1 · References 11 · Affected Software 1
NVD
added 2023/08/05 3:15 a.m. · 8 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...

9.8 CVSS · 9.7 AI score · 0.03155 EPSS
Exploits 1 · References 3
OSV
added 2023/08/05 3:15 a.m. · 10 views

CVE-2023-36095

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...

9.8 CVSS · 8 AI score
Exploits 0 · References 3
Prion
added 2023/08/05 3:15 a.m. · 16 views

Design/Logic Flaw

An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt...

7.5 CVSS · 9.7 AI score · 0.03155 EPSS
Exploits 1 · References 3 · Affected Software 1