15303 matches found

SUSE CVE
added 2023/02/15 4:50 a.m. | 5 views

SUSE CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client...

CVSS 8.8 | AI score 7.4 | EPSS 0.03205
Exploits 0 | References 8

SUSE CVE
added 2023/02/15 4:46 a.m. | 6 views

SUSE CVE-2017-8291

Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile %pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017...

CVSS 7.8 | AI score 9.2 | EPSS 0.96968
Exploits 7 | References 8

SUSE CVE
added 2023/02/15 4:43 a.m. | 2 views

SUSE CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVSS 10 | AI score 9.7 | EPSS 0.04581
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:37 a.m. | 3 views

SUSE CVE-2017-16228

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

CVSS 9.8 | AI score 8.5 | EPSS 0.03394
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 4:36 a.m. | 2 views

SUSE CVE-2017-17459

httptransport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176,...

CVSS 7.5 | AI score 8.5 | EPSS 0.02805
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 4:31 a.m. | 3 views

SUSE CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

CVSS 8.8 | AI score 7.5 | EPSS 0.11926
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 4:30 a.m. | 6 views

SUSE CVE-2018-6574

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked...

CVSS 7.8 | AI score 7.7 | EPSS 0.07768
Exploits 4 | References 3

SUSE CVE
added 2023/02/15 4:29 a.m. | 2 views

SUSE CVE-2018-7187

The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site...

CVSS 8.8 | AI score 7.7 | EPSS 0.63229
Exploits 1 | References 11

SUSE CVE
added 2023/02/15 4:29 a.m. | 6 views

SUSE CVE-2018-7544

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive...

CVSS 5.3 | AI score 9.1 | EPSS 0.01899
Exploits 1 | References 7

SUSE CVE
added 2023/02/15 4:25 a.m. | 3 views

SUSE CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...

CVSS 9.6 | AI score 8 | EPSS 0.06229
Exploits 0 | References 13

SUSE CVE
added 2023/02/15 4:13 a.m. | 5 views

SUSE CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution...

CVSS 9.8 | AI score 9.2 | EPSS 0.99961
Exploits 27 | References 5

SUSE CVE
added 2023/02/15 4:11 a.m. | 3 views

SUSE CVE-2019-12735

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim...

CVSS 7.8 | AI score 7.9 | EPSS 0.19111
Exploits 5 | References 13

SUSE CVE
added 2023/02/15 4:10 a.m. | 0 views

SUSE CVE-2019-13640

In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...

CVSS 9.8 | AI score 9.5 | EPSS 0.07913
Exploits 1 | References 5

SUSE CVE
added 2023/02/15 4:09 a.m. | 3 views

SUSE CVE-2019-14889

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...

CVSS 7.1 | AI score 6.7 | EPSS 0.0316
Exploits 0 | References 69

SUSE CVE
added 2023/02/15 4:04 a.m. | 3 views

SUSE CVE-2020-1930

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration .cf files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same...

CVSS 7.4 | AI score 7.3 | EPSS 0.07053
Exploits 0 | References 7

SUSE CVE
added 2023/02/15 3:57 a.m. | 2 views

SUSE CVE-2020-14295

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries...

CVSS 7.2 | AI score 8.5 | EPSS 0.8633
Exploits 9 | References 5

SUSE CVE
added 2023/02/15 3:49 a.m. | 2 views

SUSE CVE-2021-3144

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run commands against the salt master or minions...

CVSS 9.1 | AI score 9.4 | EPSS 0.05196
Exploits 0 | References 32

SUSE CVE
added 2023/02/15 3:46 a.m. | 1 view

SUSE CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

CVSS 8.5 | AI score 8.4 | EPSS 0.72324
Exploits 1 | References 7

SUSE CVE
added 2023/02/15 3:45 a.m. | 3 views

SUSE CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 6.3 | AI score 9.1 | EPSS 0.04698
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 3:43 a.m. | 1 view

SUSE CVE-2021-29505

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to...

CVSS 8.1 | AI score 7.8 | EPSS 0.77735
Exploits 1 | References 6