CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1774 matches found

OpenVAS•added 2023/03/08 12:0 a.m.•14 views

Debian: Security Advisory (DLA-488-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7AI score0.67997EPSS

Exploits7References3

OpenVAS•added 2023/03/08 12:0 a.m.•10 views

Debian: Security Advisory (DLA-125-1)

7.5CVSS9.6AI score0.0068EPSS

Exploits0References2

Debian CVE•added 2023/03/05 12:0 a.m.•25 views

CVE-2023-27635

debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...

7.8CVSS7.8AI score0.00094EPSS

Exploits0

NVD•added 2023/03/04 12:15 a.m.•10 views

CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

8.8CVSS8.2AI score0.12964EPSS

Exploits1References2

Cvelist•added 2023/03/03 11:37 p.m.•14 views

CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync

7.3CVSS9.4AI score0.12964EPSS

Exploits1References2

Vulnrichment•added 2023/03/03 11:37 p.m.•4 views

CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync

7.3CVSS9.2AI score0.12964EPSS

Exploits1References2

CVE•added 2023/03/03 11:37 p.m.•52 views

CVE-2023-26490

The CVE-2023-26490 entry describes a shell command injection in mailcow’s Sync Job feature within a dockerized mail server. The vulnerability arises from imapsync’s XOAUTH2 workflow creating a shell command to invoke openssl, with user password segments embedded in the command without validation,...

8.8CVSS8.6AI score0.12964EPSS

Exploits1References2Affected Software1

OSV•added 2023/03/03 11:37 p.m.•13 views

CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync

7.3CVSS8.9AI score0.12964EPSS

Exploits1References4

OSV•added 2023/03/01 8:15 a.m.•18 views

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

7.8CVSS8.1AI score

Exploits0References1

OSV•added 2023/03/01 12:0 a.m.•2 views

PUB-A-239701389

In OEMOnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

6.7CVSS7.2AI score0.00013EPSS

Exploits0References1

Prion•added 2023/02/25 2:15 a.m.•11 views

Command injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl in /web/api/app/Controller/HostController.php. Any authenticated user can...

6.5CVSS8.9AI score0.05839EPSS

Exploits0References1Affected Software1

Debian CVE•added 2023/02/25 1:31 a.m.•41 views

CVE-2023-26039

8.8CVSS8.8AI score0.05839EPSS

Exploits0

F5 Networks•added 2023/02/21 7:41 p.m.•12 views

K7147: Execution of UNIX shell commands from the URL in the Admin UI

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.7AI score

Exploits0

F5 Networks•added 2023/02/21 6:47 p.m.•77 views

K33828251: Apache Spark vulnerability CVE-2022-33891

Security Advisory Description The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8CVSS9.3AI score0.93513EPSS

Exploits12

OSV•added 2023/02/20 11:15 p.m.•2 views

AZL-13681 CVE-2022-48338 affecting package emacs for versions less than 28.2-4

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

7.3CVSS5.7AI score0.00142EPSS

Exploits0References1

UbuntuCve•added 2023/02/20 11:15 p.m.•31 views

CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u " command suggested in the eta...

9.8CVSS7.2AI score0.00447EPSS

Exploits0References2

Prion•added 2023/02/20 11:15 p.m.•18 views

Command injection

4.1CVSS8.2AI score0.00142EPSS

Exploits0References4Affected Software1

UbuntuCve•added 2023/02/20 11:15 p.m.•22 views

CVE-2022-48338

7.3CVSS7AI score0.00142EPSS

Exploits0References2

OSV•added 2023/02/20 11:15 p.m.•0 views

UBUNTU-CVE-2022-48338