Design/Logic Flaw

On D-Link DAP-1530 A1 before firmware version 1.06b01, DAP-1610 A1 before firmware version 1.06b01, DWR-111 A1 before firmware version 1.02v02, DWR-116 A1 before firmware version 1.06b03, DWR-512 B1 before firmware version 2.02b01, DWR-711 A1 through firmware version 1.11, DWR-712 B1 before...

CVE-2019-5424

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user...

CVE-2019-5425

In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root...

EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1215)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does...

Apple macOS Mojave Time Machine has an unspecified vulnerability

Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers.Time Machine is one of the system, file backup components. An unspecified vulnerability exists in the Time Machine component of Apple macOS Mojave versions prior to 10.14.4. A local attacker can exploit this...

F5 Networks BIG-IP : BIG-IP ASM XSS vulnerability (K14812883)

This is a stored cross-site scripting XSS vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF, which results in code execution as the admin user. CVE-2019-6607 The user levels that can store this attack are ASM Administrator,...

CVE-2018-3969

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...

Design/Logic Flaw

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...

CVE-2018-3969

An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...

FreeBSD : rssh - multiple vulnerabilities (d193aa9f-3f8c-11e9-9a24-6805ca0b38e8)

NVD reports : rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp...

Design/Logic Flaw

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3463

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3463

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3463

CVE-2019-3463 involves insufficient sanitization of arguments passed to rsync, which can bypass rssh restrictions and allow execution of arbitrary shell commands. The issue lies in how rsync arguments are processed, enabling an authorized user to escape intended restrictions of the restricted she...

CVE-2019-3463

Removed by vendor...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Debian DSA-4382-1 : rssh - security update

Nick Cleaton discovered two vulnerabilities in rssh, a restricted shell that allows users to perform only scp, sftp, cvs, svnserve Subversion, rdist and/or rsync operations. Missing validation in the rsync support could result in the bypass of this restriction, allowing the execution of arbitrary...

rssh - multiple vulnerabilities

NVD reports: rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp...