Lucene search
K

9 matches found

Snyk
Snyk
added 2026/03/31 11:28 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the process that renders the Gallery or Kanban view when a malicious URL is stored in the mAsset field and used as a cover image. An attacker can execute arbitrary operating system commands under the victim's...

9.3CVSS6.2AI score0.00489EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.6 views

PT-2024-33341

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.5.x through 3.6.x before 3.6.2 Description The issue is related to a buffer underrun in the pkwrite function when writing an opaque key pair. Recommendations For Mbed TLS versions 3.5.x through 3.6.x before 3.6.2, update to...

9.8CVSS6AI score0.00607EPSS
Exploits0References43
OSV
OSV
added 2023/12/22 11:6 a.m.4 views

OESA-2023-1939 fish security update

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...

6.6CVSS6.6AI score0.00475EPSS
Exploits1References2
OSV
OSV
added 2023/12/05 12:15 a.m.2 views

DEBIAN-CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

6.6CVSS6.5AI score0.00475EPSS
Exploits1References1
OSV
OSV
added 2023/12/05 12:15 a.m.7 views

AZL-32081 CVE-2023-49284 affecting package fish for versions less than 3.6.2-1

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

6.6CVSS5.8AI score0.00475EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/01/09 1:54 p.m.6 views

CVE-2023-22472 Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. e.g. in an email, chat link...

5.3CVSS7.2AI score0.00204EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.4 views

PT-2023-18524 · Nextcloud · Nextcloud Desktop Client

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.2 Description: The issue affects Deck, a kanban style organization tool integrated with Nextcloud, allowing an attacker to make a user send any POST request with an arbitrary body if they click o...

8.8CVSS8.6AI score0.00204EPSS
Exploits0References7
Snyk
Snyk
added 2020/01/08 11:3 a.m.1 views

Command Injection

Overview codecov is a npm package for uploading reports to Codecov. Affected versions of this package are vulnerable to Command Injection. The value provided as part of the gcov-args argument is executed by the exec function within lib/codecov.js. PoC by JHU System Security Lab var root =...

8.8CVSS7AI score0.01859EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/12/19 12:0 a.m.9 views

PT-2019-15816 · Red Hat · Ansible Tower

Name of the Vulnerable Software and Affected Versions: Ansible Tower versions 3.6.x before 3.6.2 Description: A flaw was found in Ansible Tower where files in '/var/backup/tower' are left world-readable. These files include both the SECRET KEY and the database backup. Any user with access to the...

5.9CVSS5.7AI score0.00312EPSS
Exploits0References3
Rows per page
Query Builder