EulerOS 2.0 SP2 : libvirt (EulerOS-SA-2019-1724)
According to the versions of the libvirt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API CVE-2019-10161 - libvirt: arbitrary command execution via...
EulerOS 2.0 SP2 : vim (EulerOS-SA-2019-1753)
According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text fi...
vim security update
2:8.0.1763-11 - 1719812 - CVE-2019-12735 vim: vim/neovim: arbitrary command execution in getchar.c rhel-8.1.0...
vim security update
2:7.4.629-5.2 - 1724045 - fix CVE-2019-12735 the :source! command allows arbitrary command execution via the modeline - fix spec warnings about expanding macros...
CVE-2019-13637
In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows. An attacker could exploit this vulnerability by convincing a targeted user to follow a...
vim security update
CentOS Errata and Security Advisory CESA-2019:1774 An update for vim is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: vim
Issue Overview: It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 Affected Packages: vim Issue Correction: Run yum update vim o...
Palo Alto Networks PAN-OS Command Injection Vulnerability (CNVD-2019-23071)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A command injection vulnerability exists in Palo Alto Networks PAN-OS version 9.0.2 and earlier. The vulnerability arises from a network system or product not properly filtering specific...
RHEL 7 : vim (RHSA-2019:1793)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1793 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim/neovim: ':source!' command allows arbitrary command executio...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
RHEL 6 : vim (RHSA-2019:1774)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1774 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim/neovim: ':source!' command allows arbitrary command executio...
A vulnerability in Cisco Enterprise NFV Infrastructure Software stems from a lack of measures to sanitize input data, allowing attackers to execute arbitrary commands with root privileges.
The vulnerability in Cisco Enterprise NFV Infrastructure Software stems from a lack of measures to sanitize incoming data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with root privileges...
Scientific Linux Security Update : vim on SL6.x i386/x86_64 (20190715)
Security Fixes : - vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
RHEL 8 : virt:8.0.0 (RHSA-2019:1762)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1762 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
libvirt: arbitrary command execution via virConnectGetDomainCapabilities API
The virConnectGetDomainCapabilities libvirt API accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument,...
TRENDnet TEW-827DRU Command Injection Vulnerability (CNVD-2019-22209)
The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A security vulnerability exists in the TRENDnet TEW-827DRU using firmware version 2.04B03 and earlier. An attacker can exploit the vulnerability to execute arbitrary commands on the device...
Arbitrary Command Execution
libvirt is vulnerable to Arbitrary Command Execution. The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs accept an "emulator" argument to specify the program providing emulation for a domain. An attacker could specify an arbitrary path for this argument, causing...
Fedora 30 : libvirt (2019-b2dfb13daf)
CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API bz 1722463, bz 1720115 - CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients bz 1722462, bz 1720114 - CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API bz...
A vulnerability in the FortiWeb web application firewall stems from a lack of measures to protect the structure of web pages. This allows attackers to execute arbitrary code or arbitrary commands.
The vulnerability in the FortiWeb web application firewall exists because no measures are taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or issue arbitrary commands using attack reports generated in HTML...