10 matches found
USN-7620-1: File::Find::Rule vulnerability
Kevin Ryde discovered that File::Find::Rule incorrectly handled certain file names. An attacker could possibly use this issue to execute arbitrary code...
AlmaLinux 9 : perl-File-Find-Rule (ALSA-2025:9517)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:9517 advisory. perl-file-find-rule: File::Find::Rule Arbitrary Code Execution CVE-2011-10007 Tenable has extracted the preceding description block directly from the AlmaLinux...
perl-file-find-rule: File::Find::Rule Arbitrary Code Execution
A flaw was found in perl-file-find-rule. The grep function within File::Find::Rule versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via...
File-Find-Rule: Shell Injection
Background File-Find-Rule is an alternative interface to File::Find. Description File-Find-Rule uses the legacy '2-arg' open call which is susceptible to shell injection via malicious filenames. Impact Shell injection may be used to execute arbitrary code using a malicious filename. Workaround...
CVE-2022-31037
OroCommerce is an open-source Business to Business Commerce application. Versions between 4.1.0 and 4.1.17 inclusive, 4.2.0 and 4.2.11 inclusive, and between 5.0.0 and 5.0.3 inclusive, are vulnerable to Cross-site Scripting in the UPS Surcharge field of the Shipping rule edit page. The attacker...
The vulnerability of the zlog_rule_s class in the logging library allows a violator to execute arbitrary code.
The vulnerability of the zlogrules class in the zlog logging library is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
USN-5580-1 linux-aws vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 It was...
Mageia: Security Advisory (MGASA-2019-0214)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-43043
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule...
GLPI 'condition rule' SQL Injection Vulnerability
GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. An SQL injection vulnerability exists in the condition rule field in GLP...