286 matches found
SUSE CVE-2016-7032
sudonoexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...
SUSE CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used...
SUSE CVE-2019-10800
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
SUSE CVE-2021-31607
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff...
Hytec Inter HWL-2511-SS Command Injection Vulnerability
The Hytec Inter HWL-2511-SS is an industrial LTE router and Wi-Fi access point from Hytec Inter, Japan. A security vulnerability exists in the Hytec Inter HWL-2511-SS v1.05 and earlier, which stems from the component /www/cgi-bin/popen.cgi containing a command injection...
Command Injection
codecov is vulnerable to command injection. The vulnerability exists due to the lack of sanitization in the gcov arguments in the main function of init.py, allowing an attacker to inject and execute malicious commands before being provided to the Popen functionality...
GHSA-H3QR-FJHM-JPHW Codecov does not sanitize gcov arguments
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
Codecov does not sanitize gcov arguments
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
CVE-2019-10800
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
PYSEC-2022-238
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
Security feature bypass
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
CVE-2019-10800 Command Injection
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being provided to the popen method...
PT-2022-8076 · Codecov
Name of the Vulnerable Software and Affected Versions: codecov versions prior to 2.0.16 Description: The issue arises from the failure to sanitize gcov arguments before they are provided to the popen method. This lack of sanitization can lead to potential exploitation. Recommendations: For versio...
codecov Argument Injection Vulnerability
codecov is a specialized code coverage solution open-sourced by codecov. A security vulnerability exists in codecov versions prior to 2.0.16, which stems from not cleaning up the gcov parameter before supplying it to the popen method...
Exploit for Command Injection in Tp-Link Tapo_C200_Firmware
CVE-2021-4045 CVE-2021-4045 is a Command Injection vulnerabil...
Advantech R-SeeNet ping.php OS Command Injection vulnerability
Summary An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-2165)
The remote host is missing an update for the Huawei EulerOS...
Command injection in Gerapy
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the projectconfigure endpoint, isn’t being sanitized...