Total
1813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7839 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-7610 | 1 Elastic | 1 Kibana | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | |||||
| CVE-2019-7537 | 1 Pytroll | 1 Donfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. | |||||
| CVE-2019-7198 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later | |||||
| CVE-2019-6986 | 1 Duraspace | 1 Vitro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | |||||
| CVE-2019-6739 | 1 Malwarebytes | 1 Antimalware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162. | |||||
| CVE-2019-6689 | 1 Dillonkane | 1 Tidal Workload Automation | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems. | |||||
| CVE-2019-6622 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. | |||||
| CVE-2019-6288 | 1 Edge-core | 2 Ecs2020, Ecs2020 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | |||||
| CVE-2019-6275 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-6272 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | |||||
| CVE-2019-5446 | 1 Ui | 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. | |||||
| CVE-2019-5413 | 1 Morgan Project | 1 Morgan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | |||||
| CVE-2019-5390 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-5323 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host. | |||||
| CVE-2019-4635 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to imporoper input neutralization of special elements. IBM X-Force ID: 170011. | |||||
| CVE-2019-3920 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/. | |||||
| CVE-2019-3919 | 1 Nokia | 2 I-240w-q Gpon Ont, I-240w-q Gpon Ont Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/. | |||||
| CVE-2019-3421 | 1 Ztw | 2 Zx297520v3, Zx297520v3 Firmware | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the user terminal system. | |||||
| CVE-2019-25029 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation. | |||||