313 matches found
CVE-2019-15419
The Asus ASUSX0151 Android device with a build fingerprint of asus/CNX015/ASUSX0151:7.0/NRD90M/CNX015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=5, versionName=5.0.1 that allows unauthorized command...
Command injection
The Asus ASUSX0151 Android device with a build fingerprint of asus/CNX015/ASUSX0151:7.0/NRD90M/CNX015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=5, versionName=5.0.1 that allows unauthorized command...
CVE-2019-15419
Technical details about CVE-2019-15419 are not publicly provided in the connected documents. Monitor for updates and new disclosures before drawing conclusions on impact, affected components, or remediation.
CVE-2019-15418
The Asus ASUSX00K1 Android device with a build fingerprint of asus/CNX00K/ASUSX00K1:7.0/NRD90M/CNX00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=5, versionName=5.0.1 that allows unauthorized command...
CVE-2019-15418
The CVE-2019-15418 entry concerns the ASUS_X00K_1 device running Android 7.0 with a pre-installed app (package com.lovelyfont.defcontainer, versionCode 5, versionName 5.0.1) that enables unauthorized command execution via a confused deputy attack. Affected component is the defcontainer app on the...
CVE-2019-16662
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution...
CVE-2019-10969
Affected product: Moxa EDR 810 Series Secure Router (all versions 5.1 and prior). Vulnerability: CVE-2019-10969 is described as an improper input validation vulnerability in the CLI/ping feature that allows an authenticated attacker to execute unauthorized commands on the router, potentially resu...
WordPress Give SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Give is one of the fundraising platform plugins used in it. A SQL injection vulnerability exists in WordPress Give. The vulnerability...
CVE-2019-10915
A vulnerability has been identified in TIA Administrator All versions V1.0 SP1 Upd1. The integrated configuration web application TIA Administrator allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access t...
CVE-2019-5497
NetApp AFF A700s Baseboard Management Controller BMC firmware versions 1.22 and higher were shipped with a default account enabled that could allow unauthorized arbitrary command execution...
CVE-2019-11646
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure ...
CVE-2019-11646
CVE-2019-11646 affects Micro Focus Service Manager, impacting multiple versions including 9.30 through 9.61. The description across sources states a vulnerability enabling remote unauthorized command execution and unauthorized disclosure of information. The connected documents consistently descri...
Default Privileged Account Vulnerability in the NetApp Service Processor - Lenovo Support US
No description provided...
openSUSE Security Update : bash (openSUSE-2019-1178)
This update for bash fixes the following issues: Security issue fixed : - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user BASHCMDS allowing the user to execute any command with the permissions of the shell bsc1130324. This update was imported from the SUSE:SLE-12-SP2:Upda...
Grandstream GWN7000 Command Injection Vulnerability
The Grandstream GWN7000 is an enterprise-class VPN router from Grandstream. A security vulnerability exists in the Grandstream GWN7000 versions prior to 1.0.6.32. An attacker can exploit this vulnerability to execute illegal commands...
CVE-2019-9924
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASHCMDS, thus allowing the user to execute any command with the permissions of the shell...
The vulnerability of the astra-safepolicy utility in the Astra Linux operating system allows a perpetrator to gain access to confidential data and execute the command interpreter without authorization.
The vulnerability of the astra-safepolicy utility in the Astra Linux operating system is related to a flaw that causes no cleanup of the environment during the execution of interpreters, and it also allows for bypassing restrictions on the execution of these interpreters by unauthorized users...
Authentication flaw
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key TK 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware...
CVE-2018-17933
VGo Robot Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client...
Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products
Summary DB2 is shipped with IBM Performance Management products. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-1520 DESCRIPTION: IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorize...