15 matches found
SUSE CVE-2019-13640
In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...
Mageia: Security Advisory (MGASA-2019-0379)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4650-1 : qbittorrent - security update
Miguel Onoro reported that qbittorrent, a bittorrent client with a Qt5 GUI user interface, allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, which could result in remote command execution via a crafted name within an RSS feed if...
[SECURITY] [DSA 4650-1] qbittorrent security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4650-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2020 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4650-1] qbittorrent security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4650-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2020 https://www.debian.org/security/faq -...
openSUSE: Security Advisory for qbittorrent (openSUSE-SU-2019:2005-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Updated qbittorrent packages fix security vulnerability
In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...
Fedora 29 : 1:qbittorrent (2019-ce6c6de3cc)
Update to 4.1.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc. T...
Fedora 30 : 1:qbittorrent (2019-2cb551904b)
Update to 4.1.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc. T...
OPENSUSE-SU-2019:2024-1 Security update for qbittorrent
This update for qbittorrent fixes the following issues: - CVE-2019-13640: avoid command injection boo1141967 This update was imported from the openSUSE:Leap:15.1:Update update project...
Security update for qbittorrent (moderate)
openSUSE Security Update: Security update for qbittorrent Announcement ID: openSUSE-SU-2019:2024-1 Rating: moderate References: 1141967 Cross-References: CVE-2019-13640 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This upda...
openSUSE Security Update : qbittorrent (openSUSE-2019-2005)
This update for qbittorrent fixes the following issues : - CVE-2019-13640: avoid command injection boo1141967 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2019-2005. The text description of this plugi...
OPENSUSE-SU-2019:2005-1 Security update for qbittorrent
This update for qbittorrent fixes the following issues: - CVE-2019-13640: avoid command injection boo1141967...
CVE-2019-13640
CVE-2019-13640 affects qbittorrent prior to 4.1.7, where Application::runExternalProgram() in app/application.cpp allows command injection via shell metacharacters in torrent name or current tracker, enabling remote command execution. Multiple connected advisories confirm this is real, with Debia...
CVE-2019-13640
In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...