15 matches found
MiracleLinux 8 : fwupd-1.5.9-1.el8.ML.1 (AXSA:2022-2904:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2904:01 advisory. grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CVE-2020-14372 grub2: Use-after-free in rmmod...
MiracleLinux 9 : less-590-3.el9_3 (AXSA:2024-7665:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7665:02 advisory. less: missing quoting of shell metacharacters in LESSCLOSE handling CVE-2022-48624 Tenable has extracted the preceding description block directly from the...
EUVD-2014-0088
Malware in sbrugna...
EUVD-2011-2492
Malware in sbrugna...
CVE-2025-48384 Git allows arbitrary code execution through broken config quoting
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...
Important: postgresql
Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
PT-2022-19706 · Unknown · Kardianos Service Package
Name of the Vulnerable Software and Affected Versions: kardianos service package for Go affected versions not specified Description: The issue is related to the service windows.go file in the kardianos service package for Go, which omits quoting that is sometimes needed for the execution of a...
Debian: Security Advisory (DLA-1864-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 1864-1] patch security update
Package : patch Version : 2.7.5-1+deb8u3 CVE ID : CVE-2019-13638 An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed. For Debian 8 "Jessie", this...
Amazon Linux: Security Advisory (ALAS-2014-370)
The remote host is missing an update for the...
Important: chkrootkit
Issue Overview: A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. Affected Packages: chkrootki...
Fedora 19 : chkrootkit-0.49-9.fc19 (2014-7090)
A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. Note that Tenable Network Security has...
Fedora 20 : chkrootkit-0.49-9.fc20 (2014-7071)
A quoting issue was found in chkrootkit which would lead to a file in /tmp/ being executed, if /tmp/ was mounted without the noexec option. chkrootkit is typically run as the root user. A local attacker could use this flaw to escalate their privileges. Note that Tenable Network Security has...
[SECURITY] [DSA 251-1] New w3m packages fix cookie information leak
Debian Security Advisory DSA 251-1 http://www.debian.org/security/ Martin Schulze February 14th, 2003 http://www.debian.org/security/faq ...