1774 matches found
[SECURITY] [DLA 1890-1] kde4libs security update
Package : kde4libs Version : 4:4.14.2-5+deb8u3 CVE ID : CVE-2019-14744 Debian Bug : 934268 Dominik Penner discovered a flaw in how KConfig interpreted shell commands in desktop files and other configuration files. An attacker may trick users into installing specially crafted files which could the...
CVE-2019-14986
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
CVE-2019-14986
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
Design/Logic Flaw
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
CVE-2019-14986
eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installed allow administrative operations by unauthenticated attackers with access to the web interface, because features such as File-Browser and Shell Command as well as "Set root password" are exposed...
NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120)
The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - A shell command injection flaw related to the handling of ssh URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges...
NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)
The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...
Debian: Security Advisory (DSA-4494-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...
KDE Frameworks -- malicious .desktop files execute code
The KDE Community has released a security announcement: The syntax Key$e=$shell command in .desktop files, .directory files, and configuration files typically found in /.config was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious people...
Debian DSA-4489-1 : patch - security update
Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address...
Debian: Security Advisory (DSA-4489-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4489-1] patch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4489-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 27, 2019 https://www.debian.org/security/faq -...
AZL-6790 CVE-2019-13638 affecting package patch for versions less than 2.7.6-7
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
CVE-2019-13386
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
CVE-2019-13386
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...
CVE-2019-13638
CVE-2019-13638 affects GNU patch up to version 2.7.6. It enables OS shell command injection when processing a crafted patch file containing an ed-style diff payload with shell metacharacters; the ed editor need not be present on the target system. Multiple connected advisories confirm vulnerable ...