SUSE-SU-2026:20041-1 Security update for bluez

This update for bluez fixes the following issues: - CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections bsc1217877...

MAL-2026-167 Malicious code in icon-service (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c036555d918021fafe661296499aab549fac428c2b9cefb72670f63914dfa974 The package icon-service was found to contain malicious code. Source: ossf-package-analysis...

CVE-2017-20216

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

KAYSUS KS-WR3600 安全漏洞

The KAYSUS KS-WR3600 is a wireless router from the Chinese company KAYSUS. A security vulnerability exists in the KAYSUS KS-WR3600, which stems from the SSH service being enabled by default and the root account not having a password, which could lead to arbitrary command execution...

GL-Inet GL-AXT1800 安全漏洞

The GL-Inet GL-AXT1800 is a WiFi6 wireless router from GL-Inet China. A security vulnerability exists in the GL-Inet GL-AXT1800 v4.6.8, which stems from improper input cleanup of the plugins.installpackage RPC method, which could lead to the execution of arbitrary commands...

N8n < 2.0.0 Multiple Vulnerabilities

According to its banner, the version of n8n running on the remote host is 1.0.0 or later and before 2.0.0. It is, therefore, affected by multiple vulnerabilities: - An authenticated arbitrary file read and file write vulnerability - An authenticated arbitrary command execution vulnerability in...

D-Link DIR-605L 安全漏洞

The D-Link DIR-605L is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-605L that stems from improper access control of the serial interface, which could lead to an arbitrary command execution attack...

CVE-2019-25289 INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution

SmartLiving SmartLAN =6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system function call to execute arbitrary system commands with root...

CVE-2017-20216

CVE-2017-20216 concerns FLIR Thermal Camera PT-Series firmware 8.0.0.64, where multiple unauthenticated remote command injection vulnerabilities exist in the controllerFlirSystem.php script. The root cause is unsanitized POST parameters in the execFlirSystem() function leading to shell_exec() cal...

GHSA-H4RF-624J-GJ33 terminal-controller-mcp vulnerable to Command Injection

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

CVE-2013-6027

Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/toolsmisc.xgi...

CVE-2013-6349

McAfee Email Gateway MEG 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVE-2022-27945

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi...

CVE-2022-27946

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands such as telnetd via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to adminaccount.cgi...

CVE-1999-0043

Command execution via shell metachars in INN daemon innd 1.5 using "newgroup" and "rmgroup" control messages, and others...

CVE-1999-0241

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm...

CVE-1999-0412

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension...

CVE-1999-0689

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack...

CVE-1999-0360

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely...

CVE-1999-0252

Buffer overflow in listserv allows arbitrary command execution...