
100 matches found

SUSE CVE
added 2023/02/15 3:52 a.m., 2 views

SUSE CVE-2020-28024

Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF...

CVSS: 9.8, AI score: 8.1, EPSS: 0.04074
Exploits: 1, References: 6

CNVD
added 2022/12/20 12:0 a.m., 3 views

NETGEAR Nighthawk WiFi6 Router Command Injection Vulnerability

The NETGEAR Nighthawk WiFi6 Router is a series of routers that support WiFi 6 technology and are designed for users who are looking for a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a command injection vulnerability that originates from improper user input...

CVSS: 8.8, AI score: 8.2, EPSS: 0.01203
Exploits: 0, References: 1

Positive Technologies
added 2022/12/04 12:0 a.m., 5 views

PT-2022-27863 · Veritas · Veritas Netbackup Access Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Flex Scale versions 1.0 through 3.0 Veritas NetBackup Access Appliance versions 8.0.0 through 8.0.100 Description: An issue was discovered that allows unauthenticated remote command execution via the management portal...

CVSS: 9.8, AI score: 9.5, EPSS: 0.01261
Exploits: 0, References: 5

OSV
added 2022/09/13 9:15 p.m., 3 views

CVE-2022-40623

The WAVLINK Quantum D4G WN531G3 running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues such as CVE-2022-35518, can lead to remote, unauthenticated command execution...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00547
Exploits: 1, References: 1

CNNVD
added 2022/09/13 12:0 a.m., 5 views

NOKIA 1350 OMS Operating System Command Injection Vulnerability

NOKIA 1350 OMS is an optical management system from Nokia Finland. An operating system command injection vulnerability exists in NOKIA 1350 OMS version R14.2 that originates from allowing an unauthenticated user to execute commands on the operating system...

CVSS: 8.8, AI score: 8.2, EPSS: 0.01444
Exploits: 0, References: 2

OSV
added 2022/04/22 9:15 p.m., 4 views

CVE-2021-3849

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 FPC2 and Lenovo System Management Module SMM firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected...

CVSS: 9.8, AI score: 5.9, EPSS: 0.01216
Exploits: 0, References: 1

OSV
added 2022/04/22 9:15 p.m., 4 views

CVE-2021-3897

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 FPC2 and Lenovo System Management Module SMM firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected...

CVSS: 9.8, AI score: 5.9, EPSS: 0.0121
Exploits: 0, References: 1

ATTACKERKB
added 2022/01/04 2:15 p.m., 27 views

CVE-2021-43711

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...

CVSS: 9.8, AI score: 7.3, EPSS: 0.36272
In wild, Exploits: 1, References: 2

Prion
added 2022/01/04 2:15 p.m., 21 views

Command injection

The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution...

CVSS: 7.5, AI score: 9.8, EPSS: 0.36272
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2021/12/14 12:0 a.m., 3 views

Lenovo Fan Power Controller2 Authorization Issue Vulnerability

Lenovo Fan Power Controller2 Lenovo Fpc2 is a fan power controller firmware from Lenovo China. A security vulnerability exists in the internal services of the Lenovo Fan Power Controller2 FPC2 and Lenovo System Management Module SMM firmware that could allow an unauthenticated attacker to execute...

CVSS: 9.8, AI score: 8.5, EPSS: 0.0121
Exploits: 0, References: 3

OSV
added 2021/12/09 4:15 p.m., 2 views

CVE-2021-20141

An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controllerserver service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet t...

CVSS: 8.8, AI score: 7.4, EPSS: 0.03709
Exploits: 1, References: 1

Cvelist
added 2021/07/22 6:27 p.m., 30 views

CVE-2020-7388 Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing

Sage X3 Unauthenticated Remote Command Execution RCE as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can be learned by...

CVSS: 10, AI score: 6, EPSS: 0.70268
Exploits: 4, References: 2

OSV
added 2021/02/23 6:15 p.m., 2 views

CVE-2021-20198

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this...

CVSS: 8.1, AI score: 7.5, EPSS: 0.01833
Exploits: 0, References: 1

OpenVAS
added 2021/01/12 12:0 a.m., 22 views

Terramaster TOS < 4.2.07 Multiple Vulnerabilities - Active Check

Terramaster TOS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 10, AI score: 7, EPSS: 0.96598
Exploits: 10, References: 1

OSV
added 2020/12/23 8:15 p.m., 4 views

CVE-2020-35665

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation...

CVSS: 9.8, AI score: 7.3
Exploits: 0, References: 3

NVD
added 2020/12/11 1:15 a.m., 25 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

CVSS: 9.8, AI score: 9.7, EPSS: 0.02144
Exploits: 0, References: 1

OSV
added 2020/12/11 1:15 a.m., 4 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02144
Exploits: 0, References: 1

OSV
added 2020/12/01 3:15 p.m., 4 views

CVE-2020-7533

CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests...

CVSS: 9.8, AI score: 7.4, EPSS: 0.02301
Exploits: 0, References: 2

Prion
added 2020/12/01 3:15 p.m., 24 views

Design/Logic Flaw

A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see security notification for version information which could cause the execution of commands on the webserver without...

CVSS: 7.5, AI score: 9.6, EPSS: 0.02301
Exploits: 0, References: 1, Affected Software: 16

VulnCheck KEV
added 2020/10/14 12:0 a.m., 1 view

VulnCheck KEV: CVE-2018-19276

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body...

CVSS: 10, AI score: 7.6, EPSS: 0.98811
Exploits: 10, References: 1