2659 matches found

OpenVAS
added 2022/01/28 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2018-0484)

The remote host is missing an update for the...

8.5 CVSS | 7.7 AI score | 0.93869 EPSS
Exploits 6 | References 3

CISA KEV Catalog
added 2022/01/28 12:0 a.m. | 25 views

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271...

10 CVSS | 9.5 AI score | 0.9422 EPSS
In wild | Exploits 139

OSV
added 2022/01/24 1:15 p.m. | 7 views

CVE-2021-44981

In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...

8.8 CVSS | 8.3 AI score
Exploits 0 | References 2

vulnersOsv
added 2022/01/20 12:0 a.m. | 3 views

ai.databand.azkaban:azkaban-common (=3.18.0), ai.databand.azkaban:azkaban-exec-server (=3.18.0) +7203 more potentially affected by CVE-2022-21363 via mysql:mysql-connector-java (>=3.0.10 <=8.0.27)

mysql:mysql-connector-java MAVEN version =3.0.10, =0.5.0, =0.5.0, =0.1.0, =4.1.3, =0.0.13, =1.13.3, =j8.2.2.0, =Finchley.SR2.SR1, =1.0.0, =0.0.3, =0.1.0, =0.1.3-20200811-2e41939 and more Source cves: CVE-2022-21363 Source advisory: OSV:GHSA-G76J-4CXX-23H9...

6.6 CVSS | 6.7 AI score | 0.00754 EPSS
Exploits 0

CNNVD
added 2022/01/18 12:0 a.m. | 2 views

R818 Code Issue Vulnerability

Allwinner Technology R818 is a quad-core intelligent voice with screen chip from Allwinner Technology Zhuhai, China. A security vulnerability exists in the Allwinner R818 SoC Android Q SDK V1.0, which originates from a NULL pointer dereference in the open exec function that could execute a...

7.8 CVSS | 7.4 AI score | 0.00639 EPSS
Exploits 0 | References 5

Github Security Blog
added 2022/01/14 9:9 p.m. | 42 views

Improper Privilege Management in shelljs

Impact: Output from the synchronous version of shell.exec may be visible to other users on the same system. You may be affected if you execute shell.exec in multi-user Mac, Linux, or WSL environments, or if you execute shell.exec as the root user. Other shelljs functions including the asynchronous...

3.1 AI score
Exploits 0 | References 3 | Affected Software 1

GithubExploit
added 2022/01/14 5:52 a.m. | 1062 views

Exploit for Out-of-bounds Write in Solarwinds Serv-U

Serv-U CVE-2021-35211 Exploit Potential for DoS - check yo...

10 CVSS | 9.6 AI score | 0.94321 EPSS
Exploits 2

Veracode
added 2022/01/12 9:51 a.m. | 21 views

Information Disclosure

shelljs is vulnerable to information disclosure. The vulnerability exists in ShellJS exec function of exec.js because the file permissions have not been locked down which allows an attacker to gain access to sensitive information of file system of the running scripts and crash application...

7.1 CVSS | 2.4 AI score | 0.0018 EPSS
Exploits 1 | References 7 | Affected Software 2

NVD
added 2022/01/10 2:12 p.m. | 21 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

9.8 CVSS | 0.02781 EPSS
Exploits 0 | References 6

ATTACKERKB
added 2022/01/10 2:12 p.m. | 3 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

9.8 CVSS | 6.8 AI score | 0.02781 EPSS
Exploits 0 | References 7

PyPA
added 2022/01/10 2:12 p.m. | 4 views

PYSEC-2022-10

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method...

9.8 CVSS | 7.1 AI score | 0.02781 EPSS
Exploits 0 | References 3 | Affected Software 1

UbuntuCve
added 2022/01/10 2:12 p.m. | 42 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

9.8 CVSS | 6.6 AI score | 0.02781 EPSS
Exploits 0 | References 5

OSV
added 2022/01/10 2:12 p.m. | 154 views

PYSEC-2022-10

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method...

9.8 CVSS | 3 AI score | 0.02781 EPSS
Exploits 0 | References 3

Vulnrichment
added 2022/01/07 12:0 a.m. | 28 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

7 AI score | 0.02781 EPSS
Exploits 0 | References 6

AlpineLinux
added 2022/01/07 12:0 a.m. | 34 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

9.8 CVSS | 9.3 AI score | 0.02781 EPSS
Exploits 0

Cvelist
added 2022/01/07 12:0 a.m. | 37 views

CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

9.2 AI score | 0.02781 EPSS
Exploits 0 | References 6

Gitee
added 2021/12/22 4:58 p.m. | 10 views

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a container escape vulnerability in Docker. The PoC (Proof of Concept) exploit for this vulnerability is available in the repository sekla/CVE-2019-5736-PoC. The exploit works by overwriting and executing the host system's runc binary from within the container. The exploit has two...

9.3 CVSS | 7.7 AI score | 0.59178 EPSS
Exploits 33

RedHat Linux
added 2021/12/16 4:38 p.m. | 0 views

golang: syscall: don't close fd 0 on ForkExec error

There's a flaw in golang's syscall.ForkExec interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked...

5.8 CVSS | 7.1 AI score | 0.0022 EPSS
Exploits 0 | References 5

Github Security Blog
added 2021/12/10 8:30 p.m. | 33 views

Command injection in github-todos

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

9.8 CVSS | 2.2 AI score | 0.04434 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2021/12/10 8:30 p.m. | 10 views

GHSA-792J-9WJ3-J634 Command injection in github-todos

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the hook subcommand is concatenated without any validation, and is directly used by the exec function...

9.8 CVSS | 9.8 AI score | 0.04434 EPSS
Exploits 1 | References 3