VDB
GCVE-110-MAGEIA-2018-59
GCVE-110-MAGEIA-2018-59
Advisory Published
backintime (aka Back in Time) before 1.1.24 did improper
escaping/quoting of file paths used as arguments to the 'notify-send'
command, leading to some parts of file paths being executed as shell
commands within an os.system call in qt4/plugins/notifyplugin.py. This
could allow an attacker to craft an unreadable file with a specific name
to run arbitrary shell commands (CVE-2017-16667).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | networkmanager-openconnect | 0 (affected), 1.2.4-1.1.mga6 (unaffected) | — |
| Mageia | openconnect | 0 (affected), 7.08-1.mga6 (unaffected) | — |
| Mageia | backintime | 1.1.24-1.mga6 (unaffected), 0 (affected), 0 (affected), 1.1.24-1.mga6 (unaffected) | — |
Aliases
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.