Total
3852 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14354 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | |||||
| CVE-2018-14060 | 1 Mi | 2 Xiaomi R3d, Xiaomi R3d Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-14010 | 1 Mi | 7 Xiaomi R3, Xiaomi R3c, Xiaomi R3c Firmware and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data. | |||||
| CVE-2018-13797 | 1 Node-macaddress Project | 1 Node-macaddress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. | |||||
| CVE-2018-13418 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. | |||||
| CVE-2018-13358 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | |||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | |||||
| CVE-2018-13353 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute commands via the "checkport" parameter. | |||||
| CVE-2018-13338 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "username" parameter during user creation. | |||||
| CVE-2018-13336 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "pwd" parameter during user creation. | |||||
| CVE-2018-13330 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | |||||
| CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | |||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | |||||
| CVE-2018-13316 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter. | |||||
| CVE-2018-13314 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter. | |||||
| CVE-2018-13311 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "sambaUser" POST parameter. | |||||
| CVE-2018-13307 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable. | |||||
| CVE-2018-13306 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ftpUser" POST parameter. | |||||
| CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-11-21 | 9.0 HIGH | 7.5 HIGH |
| Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | |||||
| CVE-2018-13284 | 1 Synology | 1 Diskstation Manager | 2024-11-21 | 9.0 HIGH | 7.5 HIGH |
| Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | |||||