exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2017-16667

больше 8 лет назад

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.

CVSS3: 7.8

EPSS: Низкий

CVE-2017-16667

больше 8 лет назад

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.

CVSS3: 7.8

EPSS: Низкий

CVE-2017-16667

больше 8 лет назад

backintime (aka Back in Time) before 1.1.24 did improper escaping/quot ...

CVSS3: 7.8

EPSS: Низкий

openSUSE-SU-2017:3096-1

около 8 лет назад

Security update for backintime

EPSS: Низкий

GHSA-pv66-pfcm-qv9x

больше 3 лет назад

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.

CVSS3: 7.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2017-16667 backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.	CVSS3: 7.8	0% Низкий	больше 8 лет назад
CVE-2017-16667 backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.	CVSS3: 7.8	0% Низкий	больше 8 лет назад
CVE-2017-16667 backintime (aka Back in Time) before 1.1.24 did improper escaping/quot ...	CVSS3: 7.8	0% Низкий	больше 8 лет назад
openSUSE-SU-2017:3096-1 Security update for backintime		0% Низкий	около 8 лет назад
GHSA-pv66-pfcm-qv9x backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.	CVSS3: 7.8	0% Низкий	больше 3 лет назад

Уязвимостей на страницу