Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1878 | 1 Cisco | 2 Telepresence Ce, Telepresence Tc | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device. | |||||
| CVE-2019-14923 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field. | |||||
| CVE-2019-7670 | 1 Primasystems | 1 Flexair | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system. | |||||
| CVE-2019-1727 | 1 Cisco | 27 Mds 9000, Mds 9100, Mds 9200 and 24 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain Python functions in the scripting sandbox of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands to elevate the attacker's privilege level. To exploit this vulnerability, the attacker must have local access and be authenticated to the targeted device with administrative or Python execution privileges. These requirements could limit the possibility of a successful exploit. | |||||
| CVE-2019-1829 | 1 Cisco | 14 Aironet 1542d, Aironet 1542i, Aironet 1562d and 11 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication. | |||||
| CVE-2019-1960 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2018-16217 | 1 Yealink | 2 Ultra-elegant Ip Phone Sip-t41p, Ultra-elegant Ip Phone Sip-t41p Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| The network diagnostic function (ping) in the Yeahlink Ultra-elegant IP Phone SIP-T41P (firmware 66.83.0.35) allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection. | |||||
| CVE-2019-9120 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field. | |||||
| CVE-2019-1959 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-15060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
| CVE-2019-10657 | 1 Grandstream | 4 Gwn7000, Gwn7000 Firmware, Gwn7610 and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | |||||
| CVE-2017-18369 | 1 Billion | 2 5200w-t, 5200w-t Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter. | |||||
| CVE-2019-11322 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||||
| CVE-2019-12985 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | |||||
| CVE-2019-9804 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. | |||||
| CVE-2018-16118 | 1 Sophos | 2 Sfos, Xg Firewall | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header. | |||||
| CVE-2019-1634 | 1 Cisco | 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device. | |||||
| CVE-2019-11353 | 1 Engeniustech | 2 Ews660ap, Ews660ap Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. | |||||
| CVE-2018-10697 | 1 Moxa | 2 Awk-3121, Awk-3121 Firmware | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to this injection. By crafting a packet that contains shell metacharacters, it is possible for an attacker to execute the attack. | |||||
| CVE-2019-10891 | 1 Dlink | 2 Dir-806, Dir-806 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header. | |||||