NEC Multiple Products Operating System Command Injection Vulnerability

The NEC UNIVERGE SV8500 and NEC UNIVERGE SV9500 are both an IP phone device from NEC Corporation of Japan. A security vulnerability exists in multiple NEC products that could allow a remote attacker to execute arbitrary shell commands on the target system. The following products and versions are...

CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

Virtuozzo 7 : patch (VZLSA-2019-2964)

An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

SUSE SLED15 / SLES15 Security Update : cifs-utils (SUSE-SU-2020:2729-1)

This update for cifs-utils fixes the following issues : CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. Fixed an invalid free in mount.cifs; bsc1152930. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...

SUSE SLES12 Security Update : cifs-utils (SUSE-SU-2020:2728-1)

This update for cifs-utils fixes the following issues : CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

Fedora 33 : cifs-utils (2020-ea0b9caac3)

New upstream release : - fixes CVE-2020-14342 cifs-utils: shell command injection in mount.cifs - adds smb2-quota tool - adds mount.smb3 as a symlink to mount.cifs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

Fedora 32 : cifs-utils (2020-cfdd73f1b4)

New upstream release : - fixes CVE-2020-14342 cifs-utils: shell command injection in mount.cifs - adds smb2-quota tool - adds mount.smb3 as a symlink to mount.cifs Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website...

openSUSE Security Update : cifs-utils (openSUSE-2020-1579)

This update for cifs-utils fixes the following issues : - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. - Fixed an invalid free in mount.cifs; bsc1152930. This update was imported from the SUSE:SLE-15-SP1:Update update project. C Tenable Network Security,...

openSUSE: Security Advisory for cifs-utils (openSUSE-SU-2020:1579-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for cifs-utils (moderate)

openSUSE Security Update: Security update for cifs-utils Announcement ID: openSUSE-SU-2020:1579-1 Rating: moderate References: 1152930 1174477 Cross-References: CVE-2020-14342 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...

SUSE-SU-2020:2728-1 Security update for cifs-utils

This update for cifs-utils fixes the following issues: - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477...

Valve: Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL

Shell command injection in https://partner.steamgames.com/admin/game/publish/ via screenshot URL The vulnerability allowed insufficient validation of parameters, which permitted the injection of shell metacharacters into values used to construct a Bash command...

SNMP Trap Translator: Multiple vulnerabilities

Background SNMP Trap Translator SNMPTT is an SNMP trap handler written in Perl. Description It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. Impact A remote attacker, by sending a malicious crafted SNMP...

Valve: Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting asset_path_identifier

Shell command injection in https://partner.steamgames.com/bundles/savestore/ via overwriting assetpathidentifier. Insufficient validation of parameters allowed injecting shell metacharacters into values used to construct a Bash command...

CVE-2020-3332 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input...

MCIR

This is a collection of intentionally vulnerable applications for testing code injection vulnerabilities. The applications are designed to be used in a trusted web environment and should not be published on a production server or exposed to the internet. The applications include: CryptOMG: A...

EulerOS Virtualization 3.0.2.2 : patch (EulerOS-SA-2020-1446)

According to the versions of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A double free exists in the anotherhunk function in pch.c in GNU patch through 2.7.6.CVE-2018-6952 - Directory traversal...

Huawei EulerOS: Security Advisory for patch (EulerOS-SA-2020-1446)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary Command Execution

redhat-ds-admin is vulnerable to arbitrary command execution. The vulnerability exists as a shell command injection flaw was discovered in the Red Hat Administration Server replication monitor CGI script used by Red Hat Directory Server 8.0. An attacker with access to the replication monitor web...

Valve: Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of item_image_small and item_image_large

Shell command injection in https://partner.steamgames.com/apps/communityitems/ via file extension of itemimagesmall and itemimagelarge. Shell injection was achieved on a publishing gateway through metacharacter injection in an item-upload path...