Lucene search
+L

17 matches found

github
github
added 2026/07/02 8:17 p.m.34 views

9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.8CVSS5.9AI score0.01372EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/04/24 2:10 a.m.4 views

CVE-2026-33208 Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...

8.7CVSS6.2AI score0.0066EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/04/24 12:0 a.m.12 views

Roxy-WI 操作系统命令注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Prior to version 8.2.6.4, Roxy-WI had an operating system command injection vulnerability. This vulnerability stemmed from the lack of cleanup of the words parameter provided by the...

8.8CVSS6.1AI score0.0066EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-34994

Malicious code in bioql PyPI...

7.1CVSS6.1AI score0.00523EPSS
Exploits1References4
rosalinux
rosalinux
added 2023/10/24 2:17 p.m.34 views

Advisory ROSA-SA-2023-2282

Software: dmidecode 3.5 WASP: ROSA-CHROME packageevrstring: dmidecode-3.5-2.src.rpm CVE-ID: CVE-2023-30630 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: Dmidecode before version 3.5 allows -dump-bin to overwrite the local file. This has security implications because, for example, it is quite possible to...

7.1CVSS7AI score0.00523EPSS
Exploits1
redhat
redhat
added 2023/09/19 2:9 p.m.8 views

dmidecode: dump-bin to overwrite a local file

A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo...

7.1CVSS5.9AI score0.00523EPSS
Exploits1References6
osv
osv
added 2023/05/21 8:42 a.m.7 views

MGASA-2023-0180 Updated dmidecode packages fix security vulnerability

Dmidecode allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. CVE-2023-30630...

7.1CVSS6.8AI score0.00523EPSS
Exploits1References4
mscve
mscve
added 2023/04/18 7:0 a.m.6 views

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because for example execution of Dmidecode via Sudo is plausible.

...

7.1CVSS6.2AI score0.00523EPSS
Exploits1
nvd
nvd
added 2023/04/13 4:15 p.m.34 views

CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

7.1CVSS6.9AI score0.00523EPSS
Exploits1References4
prion
prion
added 2023/04/13 4:15 p.m.23 views

Design/Logic Flaw

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible...

3.2CVSS7AI score0.00523EPSS
Exploits1References4Affected Software1
ubuntucve
ubuntucve
added 2023/04/13 4:15 p.m.395 views

CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

7.1CVSS6.9AI score0.00523EPSS
Exploits1References3
osv
osv
added 2023/04/13 4:15 p.m.4 views

UBUNTU-CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

7.1CVSS6.7AI score0.00523EPSS
Exploits1References4
cvelist
cvelist
added 2023/04/13 12:0 a.m.59 views

CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

7.2AI score0.00523EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2023/04/13 12:0 a.m.5 views

CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

7.2AI score0.00523EPSS
Exploits1References4
debiancve
debiancve
added 2023/04/13 12:0 a.m.417 views

CVE-2023-30630

Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed...

7.1CVSS6.1AI score0.00523EPSS
Exploits1
osv
osv
added 2020/11/27 5:15 p.m.3 views

CVE-2019-19875

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected using Python scripts via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364...

9.8CVSS7.3AI score0.01499EPSS
Exploits0References1
cvelist
cvelist
added 2020/03/15 8:25 p.m.22 views

CVE-2020-10588

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo...

7.6AI score0.004EPSS
Exploits1References1
Rows per page
Query Builder