CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.167

EPSS Ranking 94.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
https://lists.debian.org/debian-lts-announce/2020/06/msg00030.html
https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
https://lists.debian.org/debian-lts-announce/2020/06/msg00030.html

Products affected by CVE-2015-9059

Picocom Project » Picocom » Version: 1.5

cpe:2.3:a:picocom_project:picocom:1.5
Picocom Project » Picocom » Version: 1.6

cpe:2.3:a:picocom_project:picocom:1.6
Picocom Project » Picocom » Version: 1.7

cpe:2.3:a:picocom_project:picocom:1.7
Picocom Project » Picocom » Version: 1.8

cpe:2.3:a:picocom_project:picocom:1.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-9059

Products

Pricing

Contact Us