Amazon Linux AMI : rubygem24-rake (ALAS-2020-1385)
The version of rubygem24-rake installed on the remote host is prior to 12.0.0-1.49. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1385 advisory. There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begin...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...
CVE-2019-15310
CVE-2019-15310 affects Linkplay firmware. The issue enables WAN remote code execution without user interaction, enabling an attacker to retrieve the firmware AWS credentials and gain full control over Linkplay’s AWS estate, including S3 buckets containing device firmware. When combined with an OS...
OS Command Injection
bunyan is vulnerable to OS command injection. Untrusted user input is not validated or sanitized before being passed to the exec function in /bin/bunyan. This allows a remote attacker to inject and execute arbitrary OS commands on the system...
CVE-2020-9047
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...
Command injection
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...
CVE-2020-9047 exacqVision Software - Improper Verification of Cryptographic Signature
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could...
CVE-2020-9047
Exacqvision Web Service <= 20.06.3.0 and ExacqVision Enterprise Manager
OS Command Injection
node-traceroute is vulnerable to OS command injection. The Child.exec method accepts untrusted user input and allows an attacker to inject arbitrary OS commands after a newline character...
Medium: rubygem-rake
Issue Overview: There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |. CVE-2020-8130. Affected Packages: rubygem-rake. Issue Correction: Run yum update rubygem-rake or yum update --advisory ALAS-2020-1384...
CVE-2019-9193 PostgreSQL allows OS level commands via COPY SQL function
An OS command injection vulnerability in FortiAnalyzer, FortiAuthenticator and FortiManager may allow a privileged system administrator to run OS level commands on the system via injecting commands in SQL queries...
OS Command Injection
git-diff-apply is vulnerable to OS command injection. Lack of validation of untrusted input allows an attacker to inject arbitrary OS commands via the affected parameter, which is subsequently used in the diff function as a git command...
CVE-2020-13159
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclientmac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818...
CVE-2020-13159
CVE-2020-13159 concerns Artica Proxy, before 4.30.000000 Community Edition, allowing OS command injection via user-controllable fields: Netbios name, Server domain name, dhclient_mac, Hostname, or Alias. The issue stems from constructing OS commands from unfiltered input, enabling remote code exe...
OS Command Injection
mversion is vulnerable to OS Command Injection. The vulnerability exists because the values in the functions isRepositoryClean and commit that lead to cp.exec are not sanitized...
OS Command Injection
jenkins-git-client-plugin is vulnerable to OS command injection via 'git ls-remote'...
Important: Red Hat Security Advisory: OpenShift Container Platform 3.11 jenkins-2-plugins security update
An update for jenkins-2-plugins is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
OS Command Injection
devcert is vulnerable to remote code execution (RCE). This is possible because it does not validate the user-provided, string-concatenated input to the run command in utils.js, which is subsequently passed to execSync, leading to execution of malicious commands...