Arbitrary Command Execution
ceph-iscsi-cli is vulnerable to arbitrary command execution attacks. The vulnerability exists because the ceph-iscsi-cli package as shipped by Red Hat Ceph Storage 2 and 3 uses python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api...
Arbitrary Command Execution
dhcp is vulnerable to arbitrary command execution attacks. The vulnerability exists as DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server...
Arbitrary Command Execution
sudo is vulnerable to arbitrary command execution attacks. The vulnerability exists as Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname function resulting in information disclosure and command execution...
Arbitrary Command Execution
mailx is vulnerable to arbitrary command execution. A remote attacker is able to execute arbitrary commands through the expand function in fio.c using shell metacharacters in a malicious email address...
CVE-2018-0670
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669...
CVE-2018-0676
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access the management screen and execute an arbitrary command via unspecified vectors...
CVE-2018-0628
Aterm WG1200HP firmware Ver1.0.31 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response...
CVE-2018-0629
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response...
Design/Logic Flaw
Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via HTTP request and response...
CVE-2018-0677
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors...
CVE-2018-0635
The CVE concerns NEC Aterm HC100RC devices (firmware Ver1.0.1 and earlier). The vulnerability is OS command injection via the filename parameter, exploitable by an attacker with administrator rights to run arbitrary commands. Affected component/condition: command injection in the web/firmware han...
CVE-2018-0625
Vulnerability overview: NEC/Nippon Electric Aterm WG1200HP routers with firmware versions 1.0.31 and earlier are affected by an OS command injection vulnerability. The issue allows a user with administrative privileges to trigger arbitrary OS command execution via the formSysCmd parameter. The or...
CVE-2018-5197
A vulnerability in the ExtCommon.dll user extension module version 9.2, 9.2.1, 9.2.2 of Xplatform ActiveX could allow an attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters. Crafted malicious parameters could cause...
SUSE SLED15 / SLES15 Security Update : containerd, docker / go (SUSE-SU-2018:4297-1)
This update for containerd, docker and go fixes the following issues : containerd and docker : Add backport for building containerd bsc1102522, bsc1113313 Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 Enable seccomp support on SLE12 fate325877 Update to...
CVE-2018-6342
The CVE-2018-6342 entry concerns react-dev-utils on Windows, where a local webserver accepts commands including one to launch an editor. The input to that command is not properly sanitized, enabling an attacker who can issue a network request (via CSRF or direct request) to execute arbitrary comm...
GLSA-201812-10 : GKSu: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-201812-10 (GKSu: Arbitrary command execution). A vulnerability was discovered in GKSu's gksu-run-helper. Impact: An attacker could execute arbitrary commands. Workaround: There is no known workaround at this time...
GKSu: Arbitrary command execution
Background: A library that provides a Gtk+ frontend to su and sudo. Description: A vulnerability was discovered in GKSu's gksu-run-helper. Impact: An attacker could execute arbitrary commands. Workaround: There is no known workaround at this time. Resolution: Gentoo has discontinued support for GKSu a...
OPENSUSE-SU-2018:4302-1 Security update for go
This update for go fixes the following issues: - golang: arbitrary command execution via VCS path bsc1081495, CVE-2018-7187 - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely because GOPATH i...
Input validation
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069trxl601sky/x6069trxl601sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper versionCode=238, versionName=2.3.8 that contains an exported broadcast...