Debian DSA-4494-1 : kconfig - security update
Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file e.g. if it's embedded into a downloaded archive and it gets opened in a file browser...
NewStart CGSL CORE 5.04 / MAIN 5.04 : vim Vulnerability (NS-SA-2019-0161)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has vim packages installed that are affected by a vulnerability: - It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim...
NewStart CGSL CORE 5.04 / MAIN 5.04 : golang Multiple Vulnerabilities (NS-SA-2019-0047)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has golang packages installed that are affected by multiple vulnerabilities: - An arbitrary command execution flaw was found in the way Go's go get command handled the checkout of source code repositories. A remote attacker...
Command Execution Vulnerability in Netcom WAN Acceleration Gateway
Netcom WAN optimization gateway NS-WOG is the latest technological innovation from Netcom. WAN optimization is also commonly referred to as WAN acceleration. A command execution vulnerability exists in the Netcom WAN acceleration gateway. It allows attackers to exploit the vulnerability to execute...
Arbitrary Command Execution
zsh is vulnerable to arbitrary command execution. The truncation of Shebang lines that exceed 64 characters could potentially lead to arbitrary execve call...
HP 2910al-48G Arbitrary Command Execution Vulnerability
The HP 2910al-48G is an Ethernet switch from Hewlett Packard Enterprise (HPE) in the United States. An arbitrary command execution vulnerability exists in the HP 2910al-48G version W.15.14.0016, which can be exploited by an attacker to execute arbitrary commands...
Nextcloud Android app SQL injection vulnerability
Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. A SQL injection vulnerability exists in the Nextcloud Android app versions prior to 3.0.0. The vulnerability stems from a lack of validation of externally entered SQL statements in...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
CVE-2019-14416
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...
CVE-2019-14417
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality...
Command injection
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality...
CVE-2019-14417
Veritas Resiliency Platform (VRP) prior to 3.4 HF1 contains an arbitrary command execution vulnerability in its DNS-related functionality that lets a malicious VRP user run commands with root privileges inside the VRP VM. Affected software is VRP before 3.4 HF1; the underlying issue is tied to DN...
PHKP 'pgp_exec()' function command injection vulnerability
PHKP is a PHP-based implementation of the OpenPGP HTTP secret key server protocol. A command injection vulnerability exists in the 'pgp_exec' function of the phkp.php file in PHKP. The vulnerability stems from a network system or product not properly filtering special elements of externally entere...
EulerOS 2.0 SP8 : libvirt (EulerOS-SA-2019-1774)
According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: virDomainManagedSaveDefineXML API exposed to...
Citrix Systems SD-WAN Center and NetScaler SD-WAN Center Command Injection Vulnerability (CNVD-2019-40148)
Citrix Systems SD-WAN Center is a centralized management system from Citrix Systems USA. The system is primarily used to configure, monitor and analyze all Citrix SD-WAN devices on the WAN. A command injection vulnerability exists in Citrix Systems SD-WAN Center. The vulnerability arises from a...
EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)
According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: arbitrary command execution via...