Total
3853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12579 | 3 Apple, Linux, Londontrustmedia | 3 Macos, Linux Kernel, Private Internet Access Vpn Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux and macOS could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA Linux/macOS binary openvpn_launcher.64 binary is setuid root. This binary accepts several parameters to update the system configuration. These parameters are passed to operating system commands using a "here" document. The parameters are not sanitized, which allow for arbitrary commands to be injected using shell metacharacters. A local unprivileged user can pass special crafted parameters that will be interpolated by the operating system calls. | |||||
| CVE-2019-12511 | 1 Netgear | 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point. | |||||
| CVE-2019-12489 | 1 Fastweb | 2 Askey Rtv1907vw, Askey Rtv1907vw Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter. | |||||
| CVE-2019-12328 | 1 Atcom | 2 A10w, A10w Firmware | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | |||||
| CVE-2019-12324 | 1 Akuvox | 2 Sp-r50p, Sp-r50p Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | |||||
| CVE-2019-12272 | 1 Openwrt | 1 Luci | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | |||||
| CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | |||||
| CVE-2019-12132 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12113 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12112 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | |||||
| CVE-2019-12103 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. | |||||
| CVE-2019-12091 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. | |||||
| CVE-2019-11829 | 1 Synology | 1 Calendar | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | |||||
| CVE-2019-11689 | 1 Asustor | 1 Exfat Driver | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root. | |||||
| CVE-2019-11627 | 3 Debian, Opensuse, Signing-party Project | 3 Debian Linux, Leap, Signing-party | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. | |||||
| CVE-2019-11539 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | |||||
| CVE-2019-11527 | 1 Softing | 2 Uagate Si, Uagate Si Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. | |||||
| CVE-2019-11444 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw | |||||
| CVE-2019-11410 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host. | |||||