Total
3873 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3913 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service. | |||||
| CVE-2019-3727 | 1 Dell | 2 Emc Recoverpoint, Recoverpoint For Virtual Machines | 2024-11-21 | 7.2 HIGH | 6.4 MEDIUM |
| Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root. | |||||
| CVE-2019-3725 | 1 Rsa | 2 Netwitness, Security Analytics | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server. | |||||
| CVE-2019-3704 | 1 Dell | 2 Emc Vnx2, Emc Vnx2 Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains OS command injection vulnerability. Due to inadequate restriction configured in sudores, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this vulnerability. | |||||
| CVE-2019-3702 | 1 Lifesize | 6 Icon 300, Icon 300 Firmware, Icon 500 and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request. | |||||
| CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | |||||
| CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters. | |||||
| CVE-2019-3595 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute. | |||||
| CVE-2019-3417 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. | |||||
| CVE-2019-3412 | 1 Zte | 2 Mf920, Mf920 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces. | |||||
| CVE-2019-3409 | 1 Zte | 2 Wf820\+ Lte Outdoor Cpe, Wf820\+ Lte Outdoor Cpe Firmware | 2024-11-21 | 6.5 MEDIUM | 9.0 CRITICAL |
| All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system. | |||||
| CVE-2019-25158 | 1 Pedroetb | 1 Tts-api | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability. | |||||
| CVE-2019-25066 | 1 Ajenti | 1 Ajenti | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. | |||||
| CVE-2019-25065 | 1 Opennetadmin | 1 Opennetadmin | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2019-25024 | 1 Alleghenycreative | 1 Openrepeater | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | |||||
| CVE-2019-25022 | 1 Scytl | 1 Secure Vote | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | |||||
| CVE-2019-20807 | 6 Apple, Canonical, Debian and 3 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). | |||||
| CVE-2019-20504 | 1 Quest | 1 Kace Systems Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | |||||
| CVE-2019-20501 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | |||||
| CVE-2019-20500 | 1 Dlink | 2 Dwl-2600ap, Dwl-2600ap Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | |||||