399 matches found

SUSE CVE
added 2023/02/15 4:41 a.m. | 1 view

SUSE CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...

9.3 CVSS | 9.1 AI score | 0.00832 EPSS
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 3:54 a.m. | 1 view

SUSE CVE-2020-24361

SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...

9.8 CVSS | 9.5 AI score | 0.00664 EPSS
Exploits: 0 | References: 3

NVD
added 2023/01/26 9:18 p.m. | 14 views

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...

9.6 CVSS | 9.2 AI score | 0.00451 EPSS
Exploits: 0 | References: 2

Prion
added 2023/01/26 9:18 p.m. | 15 views

Command injection

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have...

6.8 CVSS | 9.6 AI score | 0.00451 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2023/01/24 10:32 p.m. | 46 views

CVE-2023-24508

CVE-2023-24508 affects Baicells Nova 227, Nova 233, Nova 243 (and Nova 246) LTE TDD eNodeB devices with RTS/RTD 3.6.6. The vulnerability allows remote code execution via HTTP command injections, with commands executed in pre-login context and at root privilege level. Technical details in the conn...

9.6 CVSS | 9.2 AI score | 0.00451 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Tenable Nessus
added 2022/10/21 12:0 a.m. | 15 views

FreeBSD : Python -- multiple vulnerabilities (d6d088c9-5064-11ed-bade-080027881239)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d6d088c9-5064-11ed-bade-080027881239 advisory. - Python reports: gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflo...

5.9 AI score
Exploits: 0 | References: 2

CNNVD
added 2022/10/19 12:0 a.m. | 2 views

Acer Altos W2000h-W570h F4 Buffer Error Vulnerability

Acer Altos W2000h-W570h F4 is a server from Acer China. It offers best-in-class performance, innovative technology, high configurability and comprehensive management features. A security vulnerability exists in Acer Altos W2000h-W570h F4 version R01.03.0018, which originates from a discovery...

9.8 CVSS | 8.4 AI score | 0.00881 EPSS
Exploits: 1 | References: 4

FreeBSD
added 2022/09/29 12:0 a.m. | 15 views

Python -- multiple vulnerabilities

Python reports: gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner. gh-97612: Fix a shell code injection vulnerability in the...

1.4 AI score
Exploits: 0 | References: 1

Veracode
added 2022/08/03 4:59 p.m. | 20 views

OS Command Injection

Heroku-env is vulnerable to OS command injection. The vulnerability is due to the function get that executes a shell command with unsanitized user input. An attacker can inject shell code using the app parameter, using the control operator & or && followed by an arbitrary command...

9.8 CVSS | 9.4 AI score | 0.00513 EPSS
Exploits: 1 | Affected Software: 1

Veracode
added 2022/08/02 4:34 p.m. | 18 views

Remote Code Execution (RCE)

Image-tiler is vulnerable to Remote Code Execution (RCE). The vulnerability lies in the tile function: if a developer allows unsanitized user input to the function, an attacker can inject arbitrary shell code which will be executed on the system...

9.8 CVSS | 9.3 AI score | 0.0056 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/07/19 2:15 p.m. | 1 view

CVE-2022-27483

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...

7.2 CVSS | 6.1 AI score | 0.05366 EPSS
Exploits: 0 | References: 2

Prion
added 2022/07/19 2:15 p.m. | 19 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...

5.8 CVSS | 7.3 AI score | 0.05366 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

OpenVAS
added 2022/07/08 12:0 a.m. | 28 views

SUSE: Security Advisory (SUSE-SU-2022:2321-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.3 AI score | 0.38894 EPSS
Exploits: 6 | References: 5

OSV
added 2022/07/07 9:2 a.m. | 7 views

SUSE-SU-2022:2321-1 Security update for openssl-1_0_0

This update for openssl-1_0_0 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash (bsc#1200550)...

10 CVSS | 10 AI score | 0.38894 EPSS
Exploits: 6 | References: 5

OpenVAS
added 2022/07/07 12:0 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2022:2308-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.3 AI score | 0.38894 EPSS
Exploits: 6 | References: 2

OpenVAS
added 2022/07/07 12:0 a.m. | 36 views

openSUSE: Security Advisory for openssl-1_1 (SUSE-SU-2022:2308-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10 CVSS | 7.3 AI score | 0.38894 EPSS
Exploits: 6 | References: 2

OpenVAS
added 2022/07/07 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2022:2309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 7.5 AI score | 0.20216 EPSS
Exploits: 6 | References: 5

OpenVAS
added 2022/07/07 12:0 a.m. | 27 views

openSUSE: Security Advisory for openssl-3 (SUSE-SU-2022:2306-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10 CVSS | 7.3 AI score | 0.38894 EPSS
Exploits: 6 | References: 2

OSV
added 2022/07/06 12:15 p.m. | 7 views

SUSE-SU-2022:2309-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash (bsc#1200550). - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099)...

10 CVSS | 7.7 AI score | 0.20216 EPSS
Exploits: 6 | References: 5

OSV
added 2022/07/06 11:49 a.m. | 7 views

SUSE-SU-2022:2306-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash (bsc#1200550). - CVE-2022-1292: Properly sanitise shell metacharacters in c_rehash script (bsc#1199166). - CVE-2022-1343: Fixed incorrect signature verification in OCSP_basic_verify...

10 CVSS | 7.9 AI score | 0.38894 EPSS
Exploits: 6 | References: 14