19 matches found
GHSA-CFPG-C974-JFHQ PySyft server-side arbitrary Python execution after code approval
PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via `@sy.syft_function` for remote execution on the server. While a...
CVE-2025-13818
Summary: CVE-2025-13818 is a local privilege escalation in the Windows version of ESET Management Agent due to insecure temporary batch file execution. Affected software: ESET Management Agent (Windows). Vulnerability: Local exploit via insecure handling of temporary batch files that can escalate...
CVE-2025-66219
willitmerge is a command-line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of the insecure child process execution API `exec`, to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command-line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of the insecure child process execution API `exec`, to which it concatenates user...
CVE-2025-66219 willitmerge has a command Injection vulnerability
willitmerge is a command-line tool to check if pull requests are mergeable. In versions 0.2.1 and prior, there is a command injection vulnerability in willitmerge. The vulnerability manifests in this package due to the use of the insecure child process execution API `exec`, to which it concatenates user...
CVE-2014-0048
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways...
DOM-based Cross-Site Scripting (XSS) in attribute context
Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and operating system interaction. Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject...
Windows Object Packager Insecure Execution
Added: 01/24/2012. CVE: CVE-2012-0009. BID: 51297. OSVDB: 78212. Background: Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem: A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Windows Object Packager Insecure Execution
Added: 01/24/2012. CVE: CVE-2012-0009. BID: 51297. OSVDB: 78212. Background: Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem: A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Windows Object Packager Insecure Execution
Added: 01/24/2012. CVE: CVE-2012-0009. BID: 51297. OSVDB: 78212. Background: Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem: A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Windows Object Packager Insecure Execution
Added: 01/24/2012. CVE: CVE-2012-0009. BID: 51297. OSVDB: 78212. Background: Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem: A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Debian DSA-1668-1 : hf - programming error
Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users.
Debian: Security Advisory (DSA-1668-1)
The remote host is missing an update for the Debian...
DSA-1668-1 hf - execution of arbitrary code
Bulletin has no description...
Debian DSA-1393-1 : xfce4-terminal - insecure execution
It was discovered that xfce-terminal, a terminal emulator for the xfce environment, did not correctly escape arguments passed to the processes spawned by 'Open Link'. This allowed malicious links to execute arbitrary commands upon the local system.
Kommander: Insecure remote script execution
Background: KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. Kommander is a visual dialog editor and interpreter for KDE applications, part of the kdewebdev package. Description: Kommander executes data files from possibly untrusted locations without us...
Debian DSA-296-1 : kdebase - insecure execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...
[SECURITY] [DSA-377-1] New wu-ftpd packages fix insecure program execution
Debian Security Advisory DSA 377-1 [email protected] http://www.debian.org/security/ Matt Zimmerman September 4th, 2003 http://www.debian.org/security/faq ...
DSA-377 wu-ftpd - insecure program execution
Bulletin has no description...