934 matches found

OSV
added 2019/07/26 1:15 p.m. | 3 views

DEBIAN-CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVSS 7.8 | AI score 7.9 | EPSS 0.0453
Exploits: 0 | References: 1
OSV
added 2019/07/26 1:15 p.m. | 1 view

ALPINE-CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVSS 7.8 | AI score 7.5 | EPSS 0.0453
Exploits: 0 | References: 1
OSV
added 2019/07/26 1:15 p.m. | 2 views

AZL-35106 CVE-2019-13638 affecting package patch for versions less than 2.7.6-9

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVSS 7.8 | AI score 7.1 | EPSS 0.0453
Exploits: 0 | References: 1
OSV
added 2019/07/22 12:0 a.m. | 2 views

UBUNTU-CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVSS 7.8 | AI score 7.1 | EPSS 0.0453
Exploits: 0 | References: 4
OSV
added 2019/06/20 2:15 p.m. | 19 views

CVE-2019-6962

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...

CVSS 7.5 | AI score 8.1
Exploits: 0 | References: 1
NVD
added 2019/06/20 2:15 p.m. | 18 views

CVE-2019-6962

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...

CVSS 8.5 | AI score 8.1 | EPSS 0.01591
Exploits: 0 | References: 1
Prion
added 2019/06/20 2:15 p.m. | 20 views

Sql injection

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...

CVSS 8.5 | AI score 8.1 | EPSS 0.01591
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2019/06/20 1:45 p.m. | 21 views

CVE-2019-6962

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process running as root if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is...

AI score 8.1 | EPSS 0.01591
Exploits: 0 | References: 1
CVE
added 2019/06/20 1:45 p.m. | 79 views

CVE-2019-6962

The CVE-2019-6962 issue affects the RDK B/CcspWifiAgent stack (RDKB-20181217-1) via the cosa_wifi_apis.c shell-injection path. If ENABLE_FEATURE_MESHWIFI is enabled, an attacker with login credentials can craft the Wi‑Fi network password to include escape characters, enabling arbitrary shell comm...

CVSS 8.5 | AI score 8 | EPSS 0.01591
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2019/06/20 3:5 a.m. | 9 views

CVE-2019-1878 Cisco TelePresence Endpoint Command Shell Injection Vulnerability

A vulnerability in the Cisco Discovery Protocol CDP implementation for the Cisco TelePresence Codec TC and Collaboration Endpoint CE Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to...

CVSS 7.5 | AI score 7.7 | EPSS 0.01078
Exploits: 0 | References: 2
Prion
added 2019/06/19 7:15 p.m. | 25 views

Design/Logic Flaw

The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection...

CVSS 8.3 | AI score 8.7 | EPSS 0.00913
Exploits: 0 | References: 2 | Affected Software: 8
CVE
added 2019/06/07 7:29 p.m. | 173 views

CVE-2018-10697

The CVE-2018-10697 entry affects Moxa AWK-3121 (firmware 1.14). The vulnerability is a command injection in the POST parameter srvName exposed via the device’s ping functionality, allowing an attacker to craft input with shell metacharacters and execute commands on the device. Reported as impacti...

CVSS 9.3 | AI score 8.9 | EPSS 0.03675
Exploits: 1 | References: 3 | Affected Software: 1
OpenVAS
added 2019/05/22 12:0 a.m. | 27 views

openSUSE: Security Advisory for signing-party (openSUSE-SU-2019:1388-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 10 | AI score 9.6 | EPSS 0.02755
Exploits: 1 | References: 2
Tenable Nessus
added 2019/05/14 12:0 a.m. | 20 views

openSUSE Security Update : signing-party (openSUSE-2019-1388)

This update for signing-party fixes the following issues : - CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 10 | AI score 7.2 | EPSS 0.02755
Exploits: 1 | References: 2
OSV
added 2019/05/13 2:29 p.m. | 2 views

CVE-2018-19989

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth...

CVSS 9.8 | AI score 5.8 | EPSS 0.41606
Exploits: 2 | References: 1
OSV
added 2019/05/13 6:28 a.m. | 7 views

OPENSUSE-SU-2019:1388-1 Security update for signing-party

This update for signing-party fixes the following issues: - CVE-2019-11627: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID...

CVSS 10 | AI score 9.6 | EPSS 0.02755
Exploits: 1 | References: 3
OPENSUSE Linux
added 2019/05/13 12:0 a.m. | 150 views

Security update for signing-party (moderate)

openSUSE Security Update: Security update for signing-party Announcement ID: openSUSE-SU-2019:1388-1 Rating: moderate References: 1134040 Cross-References: CVE-2019-11627 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description:...

CVSS 10 | AI score 7.4 | EPSS 0.02755
Exploits: 1 | References: 1
OpenVAS
added 2019/05/02 12:0 a.m. | 45 views

Debian: Security Advisory (DLA-1773-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.6 | EPSS 0.02755
Exploits: 1 | References: 3
Tenable Nessus
added 2019/05/02 12:0 a.m. | 14 views

Debian DLA-1773-1 : signing-party security update

An unsafe shell call enabling shell injection via a user ID was corrected in gpg-key2ps, a tool to generate a PostScript file with OpenPGP key fingerprint slips. For Debian 8 'Jessie', this problem has been fixed in version 1.1.10-3+deb8u1. We recommend that you upgrade your signing-party package...

CVSS 10 | AI score 7.2 | EPSS 0.02755
Exploits: 1 | References: 3
Debian
added 2019/05/01 5:12 p.m. | 41 views

[SECURITY] [DLA 1773-1] signing-party security update

Package : signing-party Version : 1.1.10-3+deb8u1 CVE ID : CVE-2019-11627 Debian Bug : 928256 An unsafe shell call enabling shell injection via a user ID was corrected in gpg-key2ps, a tool to generate a PostScript file with OpenPGP key fingerprint slips. For Debian 8 "Jessie", this problem has...

CVSS 10 | AI score 9.5 | EPSS 0.02755
Exploits: 1