Oracle Linux 7 : patch (ELSA-2019-2964)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2964 advisory. 2.7.1-12 - Fixed CVE-2018-20969, invoke ed directly instead of using the shell Tenable has extracted the preceding description block directly from the...

RHEL 7 : patch (RHSA-2019:2964)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2964 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...

Updated kconfig packages fix security vulnerability

Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file e.g. if it's embedded into a downloaded archive and it gets opened in a file...

MGASA-2019-0278 Updated kconfig packages fix security vulnerability

Updated kconfig packages fix security vulnerability: Dominik Penner discovered that KConfig supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file e.g. if it's embedded into a downloaded archive and it gets opened in a file...

LibreNMS Collectd Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqliescaperealstring function, which permits backticks. These parameters are used as part...

LibreNMS Collectd Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...

USN-4058-1: Bash vulnerability | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command. CVEs contained in this USN include: CVE-2019-99...

[SECURITY] [DLA 1890-1] kde4libs security update

Package : kde4libs Version : 4:4.14.2-5+deb8u3 CVE ID : CVE-2019-14744 Debian Bug : 934268 Dominik Penner discovered a flaw in how KConfig interpreted shell commands in desktop files and other configuration files. An attacker may trick users into installing specially crafted files which could the...

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

Design/Logic Flaw

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

CVE-2019-14986

eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...

NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120)

The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - A shell command injection flaw related to the handling of ssh URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges...

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...

Debian: Security Advisory (DSA-4494-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...

KDE Frameworks -- malicious .desktop files execute code

The KDE Community has released a security announcement: The syntax Key$e=$shell command in .desktop files, .directory files, and configuration files typically found in /.config was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious people...

Debian DSA-4489-1 : patch - security update

Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address...

Debian: Security Advisory (DSA-4489-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...