Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11139 | 1 Quest | 1 Kace System Management Appliance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. | |||||
| CVE-2018-1143 | 1 Belkin | 2 N750, N750 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. | |||||
| CVE-2018-0274 | 1 Cisco | 1 Network Services Orchestrator | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the CLI parser of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting malicious arguments into vulnerable commands. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected system. This vulnerability affects the following releases of Cisco Network Services Orchestrator (NSO): 4.1 through 4.1.6.0, 4.2 through 4.2.4.0, 4.3 through 4.3.3.0, 4.4 through 4.4.2.0. Cisco Bug IDs: CSCvf99982. | |||||
| CVE-2018-11172 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 30 of 46). | |||||
| CVE-2017-14476 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-1000502 | 1 Jenkins | 1 Ec2 | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators. | |||||
| CVE-2018-1239 | 1 Dell | 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. | |||||
| CVE-2018-0556 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-1000393 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators. | |||||
| CVE-2018-0523 | 1 Buffalo | 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-11165 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 23 of 46). | |||||
| CVE-2018-7448 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-28 | 8.5 HIGH | 7.5 HIGH |
| Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | |||||
| CVE-2018-11149 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). | |||||
| CVE-2018-0183 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356. | |||||
| CVE-2018-0184 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432. | |||||
| CVE-2018-0169 | 1 Cisco | 1 Ios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has user EXEC mode (privilege level 1) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCtw85441, CSCus42252, CSCuv95370. | |||||
| CVE-2018-11161 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 19 of 46). | |||||
| CVE-2018-7440 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. | |||||
| CVE-2018-11157 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). | |||||
| CVE-2018-1000118 | 1 Electronjs | 1 Electron | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. | |||||