VDB

GCVE-110-MAGEIA-2018-59

GCVE-110-MAGEIA-2018-59
Advisory Published
Vulnetix · Advisory published January 4, 2018
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands (CVE-2017-16667).

Affected Products

VendorProductVersionsPlatforms
Mageianetworkmanager-openconnect0 (affected), 1.2.4-1.1.mga6 (unaffected)
Mageiaopenconnect0 (affected), 7.08-1.mga6 (unaffected)
Mageiabackintime1.1.24-1.mga6 (unaffected), 0 (affected), 0 (affected), 1.1.24-1.mga6 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›