12 matches found
Samba Print Configuration Checker
This Python script is a lightweight configuration analysis tool designed to inspect Samba smb.conf printing settings and identify potentially unsafe print command configurations associated with command injection risks. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...
CVE-2026-30304
In its design for automatic terminal command execution, AI Code offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...
CVE-2018-25122 Nagios XI < 5.4.13 Component Download Page RCE
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
EUVD-2021-31477
Malicious code in bioql PyPI...
AZL-66101 CVE-2025-4674 affecting package golang for versions less than 1.22.7-5
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...
CVE-2024-29073
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...
CVE-2024-29073
Anki (Ankitects) 24.04 is affected by CVE-2024-29073 due to incomplete sanitization of LaTeX: the verbatim package is not properly handled, enabling a specially crafted flashcard to read arbitrary files. The issue is triggered by sharing a flashcard; no fix/version remediation is provided in the ...
Anki Latex Incomplete Blocklist Vulnerability
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. ...
CVE-2022-33185
Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user accoun...
CVE-2022-2830
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone...
CVE-2021-3020
An issue was discovered in ClusterLabs Hawk aka HA Web Konsole through 2.3.0-15. It ships the binary hawkinvoke built from tools/hawkinvoke.c, intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root with an attempt to limit this to safe...
ikiwiki Teximg Plugin TeX Command Arbitrary File Disclosure Vulnerability
ikiwiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...