Osprey Pump Controller 1.0.1 pseudonym Command Injection Vulnerability
Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script. Osprey Pump Controller 1.0.1 pseudonym Semi-blind...
RHEL 9 : tar (RHSA-2023:0959)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0959 advisory. The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at from_header ...
Moderate: tar security update
The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at from_header in list.c via specially crafted checksum (CVE-2022-48303). For more details about the security issues, including the impact, a CVSS score,...
ALSA-2023:0959 Moderate: tar security update
The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at from_header in list.c via specially crafted checksum (CVE-2022-48303). For more details about the security issues, including the impact, a CVSS score,...
CVE-2023-27371
GNU libmicrohttpd before 0.9.76 allows a remote denial of service (DoS) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a...
CVE-2023-27371
Summary: CVE-2023-27371 affects GNU libmicrohttpd prior to 0.9.76. The vulnerability arises from improper parsing of multipart/form-data boundaries in postprocessor.c MHD_create_post_processor(), enabling a remote attacker to send a crafted HTTP POST containing one or more '\0' bytes in the bound...
AlmaLinux 9 : tar (ALSA-2023:0959)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:0959 advisory. - GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of...
Oracle Linux 9 : tar (ELSA-2023-0959)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-0959 advisory. - Fix CVE-2022-48303 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function the parameter file and parameter srcdir come from external input and parameters are not escaped. If a file name or directory name contains shell metacharacters code may be executed.
...
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function and bound to C-c C-f. Inside the function the external command gem is called through shell-command-to-string but the feature-name parameters are not escaped. Thus malicious Ruby source files may cause commands to be executed.
...
FreeBSD : emacs -- multiple vulnerabilities (a75929bd-b6a4-11ed-bad6-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a75929bd-b6a4-11ed-bad6-080027f5fec9 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the...
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack
Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...
Debian DSA-5360-1 : emacs - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5360 advisory. Xi Lu discovered that missing input sanitising in Emacs in etags, the Ruby mode and htmlfontify could result in the execution of arbitrary shell commands. For the...
DEBIAN-CVE-2022-3219
GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached, compressed down to just a few KB...
UBUNTU-CVE-2022-3219
GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached, compressed down to just a few KB...
Fedora: Security Advisory for golang-oras-2 (FEDORA-2023-4e2068ba5d)
The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE CVE-2022-48337
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...
SUSE CVE-2022-48339
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell...
tar security update
An update is available for tar. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The GNU tar program can save multiple files in an archive and restore files from ...
RLSA-2023:0842 Moderate: tar security update
The GNU tar program can save multiple files in an archive and restore files from an archive. Security Fixes: tar: heap buffer overflow at from_header in list.c via specially crafted checksum (CVE-2022-48303). For more details about the security issues, including the impact, a CVSS score,...