7632 matches found
F5 Networks BIG-IP : BIG-IP AFM and PEM TMUI XSS vulnerability (K61002104)
Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the XSS. (CVE-2019-6639) Impact A...
TRENDnet TEW-827DRU Command Injection Vulnerability
The TRENDnet TEW-827DRU is a wireless router from TRENDnet. A command injection vulnerability exists in the apply.cgi file in the TRENDnet TEW-827DRU using firmware prior to version 2.05B11. The vulnerability stems from a network system or product not properly filtering specific elements of...
Centreon Arbitrary System Command Execution Vulnerability
Centreon is a free and open source IT and application monitoring software. An arbitrary system command execution vulnerability exists in Centreon 19.04. An attacker can insert arbitrary commands into the database using the "initscript"-"Monitoring Engine Binary" value in main.get.php and execute...
D-Link DIR-823G Command Injection Vulnerability (CNVD-2019-20996)
The D-Link DIR-823G is a wireless router from AUO D-Link of Taiwan, China. A command injection vulnerability exists in HNAP1 in the D-Link DIR-823G using firmware version 1.02B03. The vulnerability stems from a network system or product not properly filtering specific elements of externally input...
EulerOS 2.0 SP5 : vim (EulerOS-SA-2019-1690)
According to the version of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text fi...
CentOS Update for vim-common CESA-2019:1619 centos7
The remote host is missing an update for the...
CVE-2019-13024
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "initscript"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and execute it by calling the...
CVE-2019-13024
Centreon 18.x up to 18.10.5, 19.x up to 19.04.2, and Centreon web prior to 2.8.29 are affected by CVE-2019-13024, a remote command-injection vulnerability. The flaw lets an attacker insert an arbitrary command into the database via the value pair "init_script"-"Monitoring Engine Binary" in main.g...
vim security update
CentOS Errata and Security Advisory CESA-2019:1619. An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic...
McAfee Enterprise Security Manager Command Injection Vulnerability
McAfee Enterprise Security Manager (ESM) is a suite of security information and event management (SIEM) solutions from McAfee, USA. The solution supports viewing and analyzing threat intelligence as well as rapid threat prioritization and security response, and has a built-in embedded compliance...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
D-Link DCS-1130 Network Camera Command Injection (CVE-2017-8408)
A Command Injection vulnerability exists in D-Link DCS 1130. An authenticated attacker can send a specially crafted HTTP request to the affected target host and trigger arbitrary command execution...
A vulnerability exists in the package management subsystem of the Cisco NX-OS network operating system, allowing a malicious actor to execute arbitrary commands.
The vulnerability in the package management subsystem of the Remote Package Manager (RPM) of the Cisco NX-OS network operating system in Cisco devices is related to synchronization errors when using shared resources (race conditions). Exploiting this vulnerability could allow an attacker to execute...
RHEL 8 : virt:rhel (RHSA-2019:1580)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1580 advisory. The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems...
Scientific Linux Security Update : libvirt on SL7.x x86_64 (20190620)
Security Fixes: - libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161) - libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166) - libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167) - libvirt:...
libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an...
Important: Red Hat Security Advisory: virt:rhel security update
An update for the virt:rhel module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...