1774 matches found
Python Shell Command Injection Vulnerability (bpo-24778) - Mac OS X
Python is prone to a shell command injection vulnerability in the mailcap module. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Python Shell Command Injection Vulnerability (bpo-24778) - Linux
Python is prone to a shell command injection vulnerability in the mailcap module.
EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validatio...
EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1472)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validatio...
SUSE SLES12 Security Update : sssd (SUSE-SU-2022:1258-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1258-1 advisory. - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire...
SUSE-SU-2022:1258-1 Security update for sssd
This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735, jsc#SLE-17773). Non-security fixes: - Fixed a crash caused by calling dbuswatchhand...
CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
AZL-9417 CVE-2015-20107 affecting package python3 for versions less than 3.9.13-5
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
CVE-2015-20107
The CVE-2015-20107 issue affects CPython’s mailcap module through Python 3.10.8 (and back-ported fixes to 3.7–3.9). Root cause: mailcap.findmatch does not escape system-mailcap commands, enabling shell-command injection when untrusted input is used (e.g., via unvalidated filenames/arguments). Doc...
PSF-2022-1 mailcap shell command injection
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
SUSE: Security Advisory (SUSE-SU-2022:0826-1)
The remote host is missing an update for the...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE Overview of CVE...
OPENSUSE-SU-2022:0735-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
SUSE-SU-2022:0732-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
Shell Command Injection
image_processing is vulnerable to shell command injection. The apply function in chainable.rb does not properly check operations that come from unsanitized user input, allowing an attacker to inject and execute malicious shell commands...
CVE-2022-24720
CVE-2022-24720 affects the image_processing Ruby gem (wrapper for libvips/ImageMagick/GraphicsMagick). A bug in the #apply method allows executing shell commands when operation sequences come from unsanitized user input. This chain affects Active Storage variants that rely on image_processing. Th...
CVE-2022-24720 Improper Input Validation in image_processing
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the apply method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell commands. This method is...
Huawei EulerOS: Security Advisory for sssd (EulerOS-SA-2022-1148)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.6 : sssd (EulerOS-SA-2022-1148)
According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire...