CWE:
 

Risk | Topic | Date | Author
High | Pydio 8 Command Execution / Cross Site Scripting | 29.03.2019 | Leandro Cuozzo
High | Sophos Web Appliance 4.2.1.3 Remote Code Execution | 05.11.2016 | Matt Bergin (@thatguyl...


CVEMAP Search Results

CVE
Details
Description
2019-08-05
Medium
CVE-2019-12264

Vendor: Windriver
Software: Vxworks
 

 
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

 
2019-07-09
Medium
CVE-2019-13475

Vendor: Mobatek
Software: Mobaxterm
 

 
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject -exec to execute arbitrary commands. The additional arguments -hideterm and -exitwhendone in the payload make the attack less visible.

 
2019-06-21
Low
CVE-2017-15694

Vendor: Apache
Software: Geode
 

 
When an Apache Geode server (versions 1.0.0 to 1.8.0) is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.

 
2019-06-17
Medium
CVE-2019-8321

Vendor: Rubygems
Software: Rubygems
 

 
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible.

 
2019-06-14
High
CVE-2019-11582

Vendor: Atlassian
Software: Sourcetree
 

 
An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI.

 
2019-03-08
High
CVE-2018-20234

Vendor: Atlassian
Software: Sourcetree
 

 
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.

 
2018-10-16
High
CVE-2018-11025

Vendor: Amazon
Software: Fire os
 

 
kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash.

 
High
CVE-2018-11024

Vendor: Amazon
Software: Fire os
 

 
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash.

 
High
CVE-2018-11023

Vendor: Amazon
Software: Fire os
 

 
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash.

 
High
CVE-2018-11022

Vendor: Amazon
Software: Fire os
 

 
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash.

 

 


Copyright 2019, cxsecurity.com

 
