Total: 3665 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13638 | 2 Debian, Gnu | 2 Debian Linux, Patch | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. | |||||
CVE-2019-15529 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with authentication) via shell metacharacters in the Username field to Login. | |||||
CVE-2019-10659 | 1 Grandstream | 4 Gxv3370, Gxv3370 Firmware, Wp820 and 1 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | |||||
CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | |||||
CVE-2019-3630 | 1 Mcafee | 1 Enterprise Security Manager | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Command injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows an authenticated user to execute arbitrary code via specially crafted parameters. | |||||
CVE-2019-11627 | 3 Debian, Opensuse, Signing-party Project | 3 Debian Linux, Leap, Signing-party | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. | |||||
CVE-2019-10658 | 1 Grandstream | 2 Gwn7610, Gwn7610 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | |||||
CVE-2019-1591 | 1 Cisco | 2 Nexus 9000, Nx-os | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d). | |||||
CVE-2019-3631 | 1 Mcafee | 1 Enterprise Security Manager | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Command injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows an authenticated user to execute arbitrary code via specially crafted parameters. | |||||
CVE-2019-13640 | 1 Qbittorrent | 1 Qbittorrent | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. | |||||
CVE-2019-1020004 | 1 Tridactyl Project | 1 Tridactyl | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Tridactyl before 1.16.0 allows fake key events. | |||||
CVE-2019-13155 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. | |||||
CVE-2019-10660 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | |||||
CVE-2019-3914 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Remote command injection vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows a remote, authenticated attacker to execute arbitrary commands on the target device by adding an access control rule for a network object with a crafted hostname. | |||||
CVE-2018-20218 | 1 Teracue | 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form. | |||||
CVE-2019-15107 | 1 Webmin | 1 Webmin | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. | |||||
CVE-2019-13598 | 1 Getvera | 2 Vera Edge, Vera Edge Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped. | |||||
CVE-2019-4294 | 1 Ibm | 2 Datapower Gateway, Mq Appliance | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. | |||||
CVE-2019-12992 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | |||||
CVE-2019-6736 | 1 Bitdefender | 1 Safepay | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234. | |||||