CVE-2025-47228 - Shell Injection Vulnerability in Netmake ScriptCase Production Environment Extension

CVE ID : CVE-2025-47228

Published : July 5, 2025, 3:15 a.m. | 41 minutes ago

Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2023-53123 – Linux Kernel PCI s390 Use-After-Free Vulnerability

May 2, 2025

CVE ID : CVE-2023-53123

Published : May 2, 2025, 4:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

PCI: s390: Fix use-after-free of PCI resources with per-function hotplug

On s390 PCI functions may be hotplugged individually even when they
belong to a multi-function device. In particular on an SR-IOV device VFs
may be removed and later re-added.

In commit a50297cf8235 (“s390/pci: separate zbus creation from
scanning”) it was missed however that struct pci_bus and struct
zpci_bus’s resource list retained a reference to the PCI functions MMIO
resources even though those resources are released and freed on
hot-unplug. These stale resources may subsequently be claimed when the
PCI function re-appears resulting in use-after-free.

One idea of fixing this use-after-free in s390 specific code that was
investigated was to simply keep resources around from the moment a PCI
function first appeared until the whole virtual PCI bus created for
a multi-function device disappears. The problem with this however is
that due to the requirement of artificial MMIO addreesses (address
cookies) extra logic is then needed to keep the address cookies
compatible on re-plug. At the same time the MMIO resources semantically
belong to the PCI function so tying their lifecycle to the function
seems more logical.

Instead a simpler approach is to remove the resources of an individually
hot-unplugged PCI function from the PCI bus’s resource list while
keeping the resources of other PCI functions on the PCI bus untouched.

This is done by introducing pci_bus_remove_resource() to remove an
individual resource. Similarly the resource also needs to be removed
from the struct zpci_bus’s resource list. It turns out however, that
there is really no need to add the MMIO resources to the struct
zpci_bus’s resource list at all and instead we can simply use the
zpci_bar_struct’s resource pointer directly.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Double-Edged Sustainability Sword Of AI In Web Design

Top 12 Reasons Enterprises Choose Node.js Development Services for Scalable Growth

GitHub’s coding agent can now be launched from anywhere on platform using new Agents panel

Stop writing tests: Automate fully with Generative AI

I’m a diehard Pixel fan, but I’m not upgrading to the Pixel 10. Here’s why

Google Pixel Watch 4 vs. Samsung Galaxy Watch 8: I compared the two best Androids, and here’s the winner

Get a free Amazon gift card up to $300 when you preorder a new Google Pixel 10 phone – here’s how

Everything announced at Made by Google 2025: Pixel 10 Pro, Fold, Watch 4, and more

Copy Errors as Markdown to Share With AI in Laravel 12.25

Copy Errors as Markdown to Share With AI in Laravel 12.25

Deconstructing the Request Lifecycle in Sitecore Headless – Part 2: SSG and ISR Modes in Next.js

Susan Etlinger, AI Analyst and Industry Watcher on Building Trust

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

Microsoft is investigating Windows 11 KB5063878 SSD data corruption/failure issue

Microsoft Surface Won’t Turn On: 6 Tested Solutions to Fix

CVE-2025-47228 – Shell Injection Vulnerability in Netmake ScriptCase Production Environment Extension

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

He Hacked McDonald’s for Free Nuggets — What He Found Was Far More Dangerous

CVE-2025-4454 – D-Link DIR-619L Wake_on_Lan Command Injection Vulnerability

CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

CVE-2025-3820 – Tenda W12 and i24 Remote Stack-Based Buffer Overflow

CVE-2024-56523 – Radware Cloud Web Application Firewall (WAF) HTTP Request Smuggling

CVE-2023-53123 – Linux Kernel PCI s390 Use-After-Free Vulnerability

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

CVE-2025-43865 – React Router HTTP Header Injection Vulnerability

CVE-2025-54444 – Samsung Electronics MagicINFO 9 Server File Upload Code Injection Vulnerability

CVE-2025-47228 – Shell Injection Vulnerability in Netmake ScriptCase Production Environment Extension

Related Posts