CVE-2023-49284 Command substitution output can trigger shell expansion in fish shell

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

CVE-2023-49284 Command substitution output can trigger shell expansion in fish shell

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

CVE-2023-6396

GitLab CE/EE is affected by CVE-2023-6396 due to XSS and ReDoS in Markdown via the Banzai pipeline when a member has admin_group_member permission, potentially allowing escalation (e.g., adding members with higher roles) and exposure of internal project details. The issue is tied to a bypass of C...

CVE-2023-43020

CVE-2023-43020 is evidenced in IBM bulletins as a denial-of-service vulnerability in IBM Db2 (including Db2 Connect Server) when processing a specially crafted query. Affected products span Db2 on Linux/UNIX/Windows (versions 10.5, 11.1, 11.5; Db2 Big SQL is also listed in related bulletins). The...

CVE-2021-26292

The CVE-2021-26292 entry maps to AfterLogic Aurora and WebMail Pro

CVE-2023-42219

Exim MTA vulnerability CVE-2023-42219 is described in the connected Malwarebytes entry as allowing network-adjacent attackers to disclose sensitive information on affected installations of Exim. The article also notes that Exim is not likely to fix CVE-2023-42219 and suggests mitigations such as ...

CVE-2023-6209

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

CVE-2023-6209

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

CVE-2023-6209

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

CVE-2018-10818

Connected document details confirm CVE-2018-10818 affects LG NAS devices, via a pre-auth remote command injection in the password parameter exposed through the /system/sharedir.php endpoint. The attack vector is unauthenticated and could enable arbitrary code execution on affected devices. Concre...

CVE-2023-40118

CVE-2023-40118 is addressed in ChromeOS updates as part of the Android Runtime Container security fixes. The connected ChromeOS release notes indicate CVE-2023-40118 was fixed as a Medium severity issue on impacted platforms within the Android Runtime Container, in the context of the ChromeOS Sta...

CVE-2023-35678

CVE-2023-35678 is listed in Android 14 vulnerability details under Framework with Type: Elevation of Privilege (EoP) and Severity: High. The Android 14 release notes do not provide public exploit details for this CVE. Mitigation guidance from the bulletin indicates that Android 14 devices with a ...

CVE-2023-5649

CVE-2023-5649 is an improper input validation vulnerability in Brocade ASCG related to registered case credentials. The Brocade advisory notes that before ASCG v3.0, a local authenticated user could provide invalid inputs (e.g., special characters) when performing a supportsave operation on a Bro...

CVE-2023-46035

The CVE-2023-46035 issue affects the Ruby gem svg_optimizer (Fnando) v0.2.6, where an external XML entity (XXE) vulnerability is possible when optimizing untrusted SVG content due to default XXE handling in the code (svg_optimizer.rb). This can allow a remote attacker to escalate privileges by ex...

CVE-2023-35903

The IBM Security Verify Governance – Identity Manager (Virtual Appliance) is affected by CVE-2023-35903 due to improper file validation, enabling arbitrary file upload and related privilege escalation/sensitive information exposure. Affected systems are the Identity Manager virtual appliance comp...

CVE-2023-45023

The CVE-2023-45023 entry corresponds to a Broken Access Control in the TYPO3 extension femanager. Multiple connected sources (GHSA-93J4-V838-8767, OSV, Veracode, and FriendsOfPHP advisory) describe that femanager fails to check access permissions for the invitation component, allowing remote atta...

CVE-2023-24286

CVE-2023-24286 is documented across several feeds as a buffer overrun/overflow in the Mosaic puzzle component when processing a crafted save file. The exact affected package names/versions are not consistently enumerated in the provided sources; Ubuntu/Debian mentions Mosaic puzzle with a crafted...

CVE-2023-24285

CVE-2023-24285 involves a buffer overrun in the Netslide puzzle (sgt-puzzles) triggered by a crafted save file. Connected documents indicate Ubuntu/Debian advisories listing the Netslide puzzle as affected, with no details on patch availability or exact versions in the provided sources. Exploitat...

CVE-2023-4638

CVE-2023-4638 affects GitLab CE/EE (versions 13.3–16.1.4, 16.2.0–16.2.4, 16.3.0) where an unauthenticated/unauthorized user can fork a project outside of the current group due to improper permission validation. Impact includes potential privilege escalation or access to project data via misrouted...