906 matches found
Updated signing-party packages fix security vulnerability
Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID (CVE-2019-11627)...
MGASA-2019-0386 Updated signing-party packages fix security vulnerability
Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID (CVE-2019-11627)...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
CVE-2019-16255
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
Sophos Cyberoam firewall appliance shell injection vulnerability
Sophos Cyberoam firewall appliance is a firewall appliance from Sophos UK. CyberoamOS is the set of operating systems that run on it. A security vulnerability exists in the Sophos Cyberoam firewall appliance running CyberoamOS versions prior to 10.6.6 MR-6. The vulnerability can be exploited by an...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2019-17059
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
Sql injection
A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...
CVE-2019-17059
CVE-2019-17059 is a shell injection vulnerability in Sophos Cyberoam firewall appliances running CyberoamOS prior to 10.6.6 MR-6. The issue allows remote attackers to execute arbitrary commands through the Web Admin and SSL VPN consoles, enabling remote code execution. Affected device/OS: Sophos ...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
AZL-35106 CVE-2019-13638 affecting package patch for versions less than 2.7.6-9
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
ALPINE-CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
DEBIAN-CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
UBUNTU-CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
CVE-2019-6962
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...
CVE-2019-6962
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...
Sql injection
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...
CVE-2019-6962
The CVE-2019-6962 issue affects the RDK B/CcspWifiAgent stack (RDKB-20181217-1) via the cosa_wifi_apis.c shell-injection path. If ENABLE_FEATURE_MESHWIFI is enabled, an attacker with login credentials can craft the Wi‑Fi network password to include escape characters, enabling arbitrary shell comm...