CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7632 matches found

Cvelist•added 2020/02/07 2:19 p.m.•30 views

CVE-2013-3628

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability...

8.9AI score0.67463EPSS

Exploits6References4

Ubuntu•added 2020/02/05 1:48 p.m.•106 views

USN-4268-1: OpenSMTPD vulnerability

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root...

10CVSS9AI score0.98972EPSS

Exploits26

Japan Vulnerability Notes•added 2020/02/05 4:51 a.m.•2 views

Ghostscript access restriction bypass vulnerability

Overview Ghostscript provided by Artifex Software Inc. contains an access restriction bypass vulnerability CWE-284. Hiroki MATSUKUMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

8.8CVSS6.8AI score0.03434EPSS

Exploits0References12

Veracode•added 2020/02/05 2:24 a.m.•15 views

Arbitrary Command Execution

im-metadata is vulnerable to arbitrary command execution. The vulnerability is possible because the metadata options and arguments to the exec command was not filtered and directly processed...

9.8CVSS4.2AI score0.02415EPSS

Exploits1References1Affected Software1

CNVD•added 2020/02/04 12:0 a.m.•4 views

D-Link DIR-859 ssdpcgi() M-SEARCH Arbitrary Command Execution Vulnerability

The D-Link DIR-859 is a router device. A security vulnerability exists in the D-Link DIR-859 ssdpcgi M-SEARCH method handling, which can be exploited by remote attackers to submit a special request to execute arbitrary commands...

10CVSS7.6AI score0.03558EPSS

Exploits0References1

OSV•added 2020/02/03 11:15 a.m.•2 views

CVE-2020-3925

A Remote Code ExecutionRCE vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts...

8.8CVSS7.4AI score0.02775EPSS

Exploits0References2

Positive Technologies•added 2020/01/29 12:0 a.m.•4 views

PT-2020-1569 · Openbsd +1 · Opensmtpd +1

Name of the Vulnerable Software and Affected Versions: OpenSMTPD versions 6.6 Description: The issue is related to the smtp mailaddr function in the smtp session.c file of the OpenSMTPD mail daemon, which is used in OpenBSD and other products. It allows remote attackers to execute arbitrary...

10CVSS8.3AI score0.98972EPSS

Exploits40References76

BDU FSTEC•added 2020/01/29 12:0 a.m.•2 views

The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows a attacker to execute arbitrary commands.

The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager DCNM system exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on t...

9CVSS7.5AI score0.03304EPSS

Exploits4References2

ArchLinux•added 2020/01/29 12:0 a.m.•28 views

[ASA-202001-6] opensmtpd: arbitrary command execution

Arch Linux Security Advisory ASA-202001-6 ========================================= Severity: Critical Date : 2020-01-29 CVE-ID : CVE-2020-7247 Package : opensmtpd Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1090 Summary ======= The package opensmtpd...

10CVSS2.8AI score0.98972EPSS

Exploits26References5

ArchLinux•added 2020/01/29 12:0 a.m.•31 views

[ASA-202001-7] salt: arbitrary command execution

Arch Linux Security Advisory ASA-202001-7 ========================================= Severity: Medium Date : 2020-01-29 CVE-ID : CVE-2019-17361 Package : salt Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-1087 Summary ======= The package salt before...

9.8CVSS2AI score0.15106EPSS

Exploits0References4

OSV•added 2020/01/28 4:15 p.m.•7 views

CVE-2014-2906

The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

7CVSS9.1AI score

Exploits0References4

Hacker One•added 2020/01/28 12:43 p.m.•32 views

Slack: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation

Overview The Nebula clients for Darwin and Windows call relative paths in "exec.Command" to "ifconfig" and "route" executables on Darwin, and to "netsh" on Windows. These commands are entered using relative paths, not absolute paths such as /sbin/ifconfig. When a binary is run with a relative pat...

0.9AI score

Exploits0

OSV•added 2020/01/27 6:15 p.m.•3 views

CVE-2019-19824

On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI syscmd.htm is not available. This allows for full control over the device's internals. This affects A3002RU through...

8.8CVSS7.5AI score0.25135EPSS

Exploits3References5

OpenVAS•added 2020/01/23 12:0 a.m.•11 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2019-1699)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS9AI score0.19111EPSS

Exploits5References2

OpenVAS•added 2020/01/23 12:0 a.m.•22 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2019-1766)

9.3CVSS9AI score0.19111EPSS

Exploits5References2

OpenVAS•added 2020/01/23 12:0 a.m.•27 views

Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-2020)

8.8CVSS7.6AI score0.0151EPSS

Exploits1References2

OpenVAS•added 2020/01/23 12:0 a.m.•25 views

Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1724)