Important: Red Hat Security Advisory: libvirt security and bug fix update
An update for libvirt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2019-12491
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability an attacker has to have control of a single server on a given cloud e.g. by renting one. From the sour...
The vulnerability of the Python script subsystem of the NX-OS network operating system allows a hacker to execute arbitrary commands and increase their privileges.
The vulnerability of the Python script subsystem in the NX-OS network operating system is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary commands and increase their privileges...
The vulnerability of the command-line interface of networking operating systems NX-OS and FX-OS allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the command-line interface of networking operating systems NX-OS and FX-OS is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary commands...
The vulnerability of the command-line interface of networking operating systems FX-OS and NX-OS allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the command-line interface of networking operating systems FX-OS and NX-OS is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary commands...
OrangeHRM Arbitrary Command Injection Vulnerability
OrangeHRM is a human resource management (HRM) system from OrangeHRM, Inc. in the United States. The system supports personnel information management, leave management, attendance management and recruitment management. A command injection vulnerability exists in admin/listMailConfiguration in...
CVE-2019-12840
Summary of CVE-2019-12840 details (Webmin): An authenticated user of the Webmin Package Updates module could run arbitrary commands as root by sending a crafted data parameter to update.cgi, affecting Webmin versions up to 1.910. This vulnerability enables remote command execution with hig...
CVE-2019-12839
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration txtSendmailPath parameter that allows authenticated attackers to achieve arbitrary command execution...
Adobe ColdFusion Command Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. A command injection vulnerability exists in Adobe ColdFusion 2018 Update 4 and earlier, ColdFusion 2016...
SQL injection
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table...
McAfee Agent 5.0.x / 5.5.0 / 5.5.1 Multiple Vulnerabilities (SB10260)
The version of McAfee Agent, formerly McAfee ePolicy Orchestrator (ePO) Agent, installed on the remote host is 5.0.x, 5.5.0, or 5.5.1. It is, therefore, affected by multiple vulnerabilities. These include an arbitrary command execution and potentially a remote code execution vulnerability. A local...
The vulnerability of the command-line interface implementation of the network operating system NX-OS allows an attacker to execute arbitrary commands on the underlying operating system.
The vulnerability of the command-line interface implementation of the networking operating system NX-OS exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...
The vulnerability of the command-line interface implementation of the network operating system NX-OS allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the command-line interface implementation of the NX-OS network operating system is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to execute arbitrary commands with root privileges...
CVE-2019-12585
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php...
Command injection
Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and other products, has an Arbitrary Command Execution issue in apcupsd_status.php...
CVE-2019-12585
CVE-2019-12585 affects apcupsd 0.3.91_5 (used in pfSense up to 2.4.4-RELEASE-p3) and other products. The issue is an Arbitrary Command Execution via apcupsd_status.php. Public sources (NVD/Red Hat OSV/Red Hat CVE pages) describe the vulnerability as a command-injection style flaw with network acc...
CVE-2019-12569
CVE-2019-12569 affects Viber for Desktop (Windows) prior to 10.7.0, due to unsafe search paths in the URI handler. A targeted user must click a malicious link; if they do, the app loads libraries from the URI-specified directory and could execute arbitrary commands with the user’s privileges. C...
The vulnerability of the microprogrammed programmable logic controller SCALANCE, related to insufficient neutralization of special elements, allows an intruder to execute arbitrary system commands.
The vulnerability of the microprogrammed programmable logic controller SCALANCE is related to the insufficient neutralization of certain special elements. Exploiting this vulnerability allows an attacker with administrator privileges to execute arbitrary system commands...