
7632 matches found

OSV
added 2019/12/11 10:19 a.m., 7 views

SUSE-SU-2019:3267-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution bsc1158095...

9.3 CVSS, 8.9 AI score, 0.03174 EPSS
Exploits: 0, References: 3

OSV
added 2019/12/11 12:15 a.m., 21 views

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

7.8 CVSS, 7.2 AI score
Exploits: 0, References: 10

OSV
added 2019/12/11 12:15 a.m., 4 views

ALPINE-CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

7.8 CVSS, 7.4 AI score, 0.0366 EPSS
Exploits: 1, References: 1

NVD
added 2019/12/11 12:15 a.m., 17 views

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

9.3 CVSS, 8.8 AI score, 0.0366 EPSS
Exploits: 1, References: 10

Prion
added 2019/12/11 12:15 a.m., 20 views

Design/Logic Flaw

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

9.3 CVSS, 8.7 AI score, 0.0366 EPSS
Exploits: 1, References: 10, Affected Software: 4

Debian CVE
added 2019/12/10 11:33 p.m., 21 views

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

9.3 CVSS, 9 AI score, 0.0366 EPSS
Exploits: 1

CVE
added 2019/12/10 11:33 p.m., 405 views

CVE-2019-19604

Git before 2.24.1 is vulnerable to arbitrary command execution via recursive submodule updates because a malicious .gitmodules can cause commands to be run. Affected ranges include 2.20.2, 2.21.x, 2.22.x, 2.23.x, and 2.24.x prior to 2.24.1. Remediation: upgrade to Git 2.24.1 or later (UPC/ALAS re...

9.3 CVSS, 8.7 AI score, 0.0366 EPSS
Exploits: 1, References: 10, Affected Software: 1

Cvelist
added 2019/12/10 11:33 p.m., 22 views

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

8.9 AI score, 0.0366 EPSS
Exploits: 1, References: 10

AlpineLinux
added 2019/12/10 11:33 p.m., 33 views

CVE-2019-19604

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository...

9.3 CVSS, 9 AI score, 0.0366 EPSS
Exploits: 1

Symantec
added 2019/12/10 12:0 a.m., 44 views

Broadcom CA Automic Sysload CVE-2019-19518 Arbitrary Command Execution Vulnerability

Description: Broadcom CA Automic Sysload is prone to an arbitrary command-execution vulnerability. An attacker can exploit this issue to execute arbitrary system commands on the affected system. This may aid in further attacks. CA Automic Sysload versions 5.6.0, 5.8.0, 5.8.1, 6.0.0, 6.0.1, 6.1.2 ar...

1.7 AI score, 0.02826 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2019/12/10 12:0 a.m., 2 views

Unspecified Vulnerability in IBM Cloud Pak System Platform System Manager

IBM Cloud Pak System is a complete stack converged infrastructure from IBM USA. The product provides a virtualized cloud operating environment for applications. A CVS injection vulnerability exists in Platform System Manager in IBM Cloud Pak System versions 2.3 through 2.3.0.1, which stems from t...

10 CVSS, 7.7 AI score, 0.02612 EPSS
Exploits: 0, References: 1

CNVD
added 2019/12/06 12:0 a.m., 2 views

libpoe-component-irc-perl Formatting String Error Vulnerability

libpoe-component-irc-perl is an event-driven Perl IRC client module. A format string error vulnerability exists in versions of libpoe-component-irc-perl prior to 6.32, which can be exploited to execute arbitrary commands on a system by sending specially crafted IRC commands...

9.8 CVSS, 7.5 AI score, 0.01652 EPSS
Exploits: 0, References: 1

Symantec
added 2019/12/04 12:0 a.m., 14 views

IBM Cloud Pak System Multiple Security Vulnerabilities

Description: IBM Cloud Pak System is prone to the following security vulnerabilities: 1. An arbitrary command-execution vulnerability; 2. A cross-site request-forgery vulnerability. An attacker can exploit these issues to execute arbitrary commands or perform unauthorized actions in the context of...

0.6 AI score
Exploits: 0, Affected Software: 1

Prion
added 2019/12/03 8:15 p.m., 17 views

Design/Logic Flaw

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...

7.5 CVSS, 7.3 AI score, 0.03508 EPSS
Exploits: 4, References: 2, Affected Software: 1

CVE
added 2019/12/03 7:2 p.m., 50 views

CVE-2019-19459

The SALTO ProAccess SPACE 5.4.3.0 vulnerability set includes CVE-2019-19458 (Directory Traversal in Data Export) and CVE-2019-19459 (arbitrary file write). The root cause is the ability to write arbitrary content to arbitrary files, enabling potential command execution. The web server runs as a W...

9.8 CVSS, 7.2 AI score, 0.03508 EPSS
Exploits: 3, References: 2, Affected Software: 1

OSV
added 2019/11/27 2:15 p.m., 31 views

CVE-2019-14812

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...

7.8 CVSS, 7.1 AI score, 0.02473 EPSS
Exploits: 0, References: 6

OSV
added 2019/11/26 12:15 a.m., 2 views

CVE-2019-15595

A privilege escalation exists in UniFi Video Controller =3.10.6 that would allow an attacker on the local machine to run arbitrary commands...

8.8 CVSS, 7.4 AI score, 0.01709 EPSS
Exploits: 0, References: 1

OSV
added 2019/11/22 6:15 p.m., 1 views

DEBIAN-CVE-2019-18610

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface AMI user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syst...

8.8 CVSS, 7.6 AI score, 0.29645 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2019/11/22 6:15 p.m., 25 views

CVE-2019-18610

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface AMI user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syst...

9 CVSS, 7.3 AI score, 0.29645 EPSS
Exploits: 0, References: 5

AlpineLinux
added 2019/11/22 5:31 p.m., 41 views

CVE-2019-18610

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface AMI user without system authorization could use a specially crafted Originate AMI request to execute arbitrary syst...

9 CVSS, 8.7 AI score, 0.29645 EPSS
Exploits: 0