Total
4223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14495 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance | |||||
| CVE-2018-14494 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware | |||||
| CVE-2018-14417 | 1 Softnas | 1 Cloud | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions. | |||||
| CVE-2018-14357 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. | |||||
| CVE-2018-14354 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | |||||
| CVE-2018-14060 | 1 Mi | 2 Xiaomi R3d, Xiaomi R3d Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-14010 | 1 Mi | 7 Xiaomi R3, Xiaomi R3c, Xiaomi R3c Firmware and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-13797 | 1 Node-macaddress Project | 1 Node-macaddress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. | |||||
| CVE-2018-13418 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | |||||
| CVE-2018-13358 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | |||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | |||||
| CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | |||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | |||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | |||||
| CVE-2018-13330 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | |||||
| CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | |||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | |||||
| CVE-2018-13316 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | |||||
| CVE-2018-13314 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | |||||
| CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | |||||