Amazon Linux 2 : patch (ALAS-2019-1317)
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...
CVE-2019-13651
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection issue 3 of 5...
CVE-2019-13652
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection issue 4 of 5...
Command injection
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection issue 5 of 5...
Command injection
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection issue 3 of 5...
Command injection
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection issue 2 of 5...
CVE-2019-13653
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection issue 5 of 5...
CVE-2019-13653
The CVE-2019-13653 entry applies to TP-Link M7350 devices up to and including firmware 1.0.16 Build 181220 Rel.1116n. The vulnerability is a triggerPort OS Command Injection in TP-Link M7350, allowing execution of OS commands (root cause not explicitly detailed in provided documents). Connected s...
CVE-2019-13652
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection issue 4 of 5...
CVE-2019-13652
CVE-2019-13652 affects TP-Link M7350 devices running firmware up to 1.0.16 Build 181220 Rel.1116n. The issue is a serviceName OS Command Injection, enabling an attacker to execute OS commands on the device. Public sources in the connected documents consistently describe this vulnerability as a h...
CVE-2019-13651
The CVE-2019-13651 entry covers TP-Link M7350 devices with firmware up to 1.0.16 Build 181220 Rel.1116n. The vulnerability is a portMappingProtocol OS Command Injection in the device’s web interface, enabling an attacker to execute arbitrary OS commands. Affected component: portMappingProtocol ha...
CVE-2019-13651
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection issue 3 of 5...
CVE-2019-13650
CVE-2019-13650 affects TP-Link M7350 mobile routers. The connected sources describe an internalPort OS Command Injection vulnerability in TP-Link M7350 devices running 1.0.16 Build 181220 Rel.1116n and earlier, allowing an attacker to execute OS commands on the device. CVSS metrics from NVD indic...
CVE-2019-13650
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection issue 2 of 5...
CVE-2019-13649
CVE-2019-13649 affects TP-Link M7350 mobile routers. According to multiple sources, including NVD and CNVD/Red Hat records, devices running firmware up to 1.0.16 Build 181220 Rel.1116n expose an externalPort parameter that allows OS command injection, enabling an attacker to execute commands with...
CVE-2019-13649
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection issue 1 of 5...
Important: patch
Issue Overview: do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. CVE-2018-20969 GNU patch through 2.7.6 is vulnerab...
Sonatype Nexus Repository Manager CVE-2019-15588 OS Command Injection Vulnerability
Description: Sonatype Nexus Repository Manager is prone to an OS command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Versions prior to Nexus Repository Manager...
CVE-2019-17501
CVE-2019-17501 is connected to an RCE issue in Centreon Web. Red Hat’s entry confirms affected ranges: Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5, and 19.10.x before 19.10.2, with a fix likely in 19.04.5 for the 19.04 line. The initial description indicates Centreo...
CVE-2019-17509
CVE-2019-17509 affects D-Link DIR-846 devices with firmware 100A35. Remote attackers with admin access can execute arbitrary OS commands as root by sending a crafted /HNAP1/ SetMasterWLanSettings request to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php using shell metacharacters. The...