CVE-2019-6962

A shell injection issue in cosawifiapis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLEFEATUREMESHWIFI macro. The attack is...

CVE-2019-1878 Cisco TelePresence Endpoint Command Shell Injection Vulnerability

A vulnerability in the Cisco Discovery Protocol CDP implementation for the Cisco TelePresence Codec TC and Collaboration Endpoint CE Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to...

Design/Logic Flaw

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection...

CVE-2018-10697

The CVE-2018-10697 entry affects Moxa AWK-3121 (firmware 1.14). The vulnerability is a command injection in the POST parameter srvName exposed via the device’s ping functionality, allowing an attacker to craft input with shell metacharacters and execute commands on the device. Reported as impacti...

openSUSE: Security Advisory for signing-party (openSUSE-SU-2019:1388-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : signing-party (openSUSE-2019-1388)

This update for signing-party fixes the following issues : - CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVE-2018-19989

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...

OPENSUSE-SU-2019:1388-1 Security update for signing-party

This update for signing-party fixes the following issues: - CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID...

Security update for signing-party (moderate)

openSUSE Security Update: Security update for signing-party Announcement ID: openSUSE-SU-2019:1388-1 Rating: moderate References: 1134040 Cross-References: CVE-2019-11627 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description:...

Debian: Security Advisory (DLA-1773-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-1773-1 : signing-party security update

An unsafe shell call enabling shell injection via a user ID was corrected in gpg-key2ps, a tool to generate a PostScript file with OpenPGP key fingerprint slips. For Debian 8 'Jessie', this problem has been fixed in version 1.1.10-3+deb8u1. We recommend that you upgrade your signing-party package...

[SECURITY] [DLA 1773-1] signing-party security update

Package : signing-party Version : 1.1.10-3+deb8u1 CVE ID : CVE-2019-11627 Debian Bug : 928256 An unsafe shell call enabling shell injection via a user ID was corrected in gpg-key2ps, a tool to generate a PostScript file with OpenPGP key fingerprint slips. For Debian 8 "Jessie", this problem has...

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

Code injection

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

DEBIAN-CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

UBUNTU-CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-11627

CVE-2019-11627 affects signing-party’s gpg-key2ps tool, where an unsafe shell call enables shell injection via a User ID. Public advisories (openSUSE, Mageia) report this vulnerability and provide updates that fix the issue in signing-party packages. The vulnerability is labeled critical (CVSSv3....

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...