Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6230 | 1 Ruckuswireless | 2 Smartzone Managed Access Point Firmware, Solo Access Point Firmware | 2018-03-16 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems. | |||||
| CVE-2018-6926 | 1 Misp | 1 Misp | 2018-03-16 | 9.0 HIGH | 7.2 HIGH |
| In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator. | |||||
| CVE-2017-6229 | 1 Ruckuswireless | 30 H320, H320 Firmware, H510 and 27 more | 2018-03-12 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems. | |||||
| CVE-2018-0514 | 1 Futomi | 1 Mp Form Mail Cgi | 2018-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0512 | 1 Iodata | 90 Bx-vp1, Bx-vp1 Firmware, Gv-ntx1 and 87 more | 2018-03-06 | 7.7 HIGH | 6.8 MEDIUM |
| Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-1000043 | 1 Securityonion | 1 Squert | 2018-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-1000042 | 1 Securityonion | 1 Squert | 2018-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-1000019 | 1 Open-emr | 1 Openemr | 2018-03-01 | 9.0 HIGH | 8.8 HIGH |
| OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher. | |||||
| CVE-2018-6353 | 1 Electrum | 1 Electrum | 2018-02-15 | 7.2 HIGH | 7.8 HIGH |
| The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022. | |||||
| CVE-2018-6388 | 1 Iball | 2 Ib-wra150n, Ib-wra150n Firmware | 2018-02-15 | 9.0 HIGH | 8.8 HIGH |
| iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. | |||||
| CVE-2018-0506 | 1 Nootka Project | 1 Nootka | 2018-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-1000502 | 1 Jenkins | 1 Ec2 | 2018-02-12 | 9.0 HIGH | 8.8 HIGH |
| Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | |||||
| CVE-2016-10709 | 1 Pfsense | 1 Pfsense | 2018-02-09 | 9.0 HIGH | 8.8 HIGH |
| pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | |||||
| CVE-2017-1000473 | 1 Linux-dash Project | 1 Linux-dash | 2018-01-19 | 7.2 HIGH | 7.8 HIGH |
| Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | |||||
| CVE-2017-17888 | 1 Hoytech | 1 Antiweb | 2018-01-17 | 9.0 HIGH | 8.8 HIGH |
| cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | |||||
| CVE-2012-1795 | 1 Webglimpse | 1 Webglimpse | 2018-01-12 | 7.5 HIGH | N/A |
| webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. | |||||
| CVE-2016-0634 | 1 Gnu | 1 Bash | 2018-01-05 | 6.0 MEDIUM | 7.5 HIGH |
| The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | |||||
| CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2017-12-29 | 7.6 HIGH | N/A |
| rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | |||||
| CVE-2017-10904 | 1 Qt | 1 Qt | 2017-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2012-2976 | 1 Symantec | 1 Web Gateway | 2017-12-22 | 10.0 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. | |||||