Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6021 | 1 Silextechnology | 4 Geh-sd-320an, Geh-sd-320an Firmware, Sd-320an and 1 more | 2018-06-13 | 6.5 MEDIUM | 7.4 HIGH |
| Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. | |||||
| CVE-2018-0556 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2018-05-16 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0545 | 1 Lxr Project | 1 Lxr | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-1000118 | 1 Electronjs | 1 Electron | 2018-04-20 | 9.3 HIGH | 8.8 HIGH |
| Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. | |||||
| CVE-2018-0539 | 1 Qqq Systems Project | 1 Qqq Systems | 2018-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2018-1000006 | 2 Atom, Microsoft | 4 Electron, Windows 10, Windows 7 and 1 more | 2018-03-31 | 9.3 HIGH | 8.8 HIGH |
| GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | |||||
| CVE-2018-6530 | 1 D-link | 8 Dir-860l, Dir-860l Firmware, Dir-865l and 5 more | 2018-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | |||||
| CVE-2017-7640 | 1 Qnap | 2 Media Streaming Add-on, Qts | 2018-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to run arbitrary OS commands against the system with root privileges. | |||||
| CVE-2018-7664 | 1 Clip-bucket | 1 Clipbucket | 2018-03-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php. | |||||
| CVE-2018-0523 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2018-03-26 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-4117 | 1 Vestacp | 1 Control Panel | 2018-03-23 | 6.5 MEDIUM | 8.8 HIGH |
| Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. | |||||
| CVE-2018-7448 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-03-22 | 8.5 HIGH | 7.5 HIGH |
| Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | |||||
| CVE-2016-0291 | 1 Ibm | 1 Bigfix Platform | 2018-03-17 | 9.0 HIGH | 8.8 HIGH |
| IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow remote authenticated users to execute arbitrary commands by leveraging report server access. IBM X-Force ID: 111302. | |||||
| CVE-2017-6230 | 1 Ruckuswireless | 2 Smartzone Managed Access Point Firmware, Solo Access Point Firmware | 2018-03-16 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus Networks SZ managed APs firmware releases R5.x or before contain authenticated Root Command Injection in the web-GUI that could allow authenticated valid users to execute privileged commands on the respective systems. | |||||
| CVE-2018-6926 | 1 Misp | 1 Misp | 2018-03-16 | 9.0 HIGH | 7.2 HIGH |
| In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator. | |||||
| CVE-2017-6229 | 1 Ruckuswireless | 30 H320, H320 Firmware, H510 and 27 more | 2018-03-12 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems. | |||||
| CVE-2018-0514 | 1 Futomi | 1 Mp Form Mail Cgi | 2018-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0512 | 1 Iodata | 90 Bx-vp1, Bx-vp1 Firmware, Gv-ntx1 and 87 more | 2018-03-06 | 7.7 HIGH | 6.8 MEDIUM |
| Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-1000043 | 1 Securityonion | 1 Squert | 2018-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-1000042 | 1 Securityonion | 1 Squert | 2018-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the data or obj parameters, used in autocat(). This vulnerability appears to have been fixed in 1.7.0. | |||||