Total
3665 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11171 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46). | |||||
| CVE-2018-6961 | 1 Vmware | 1 Nsx Sd-wan By Velocloud | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. | |||||
| CVE-2018-0185 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542. | |||||
| CVE-2018-8735 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. | |||||
| CVE-2018-0569 | 1 Basercms | 1 Basercms | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-11163 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). | |||||
| CVE-2018-0306 | 1 Cisco | 89 Mds 9132t, Mds 9148, Mds 9148s and 86 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. Note: This vulnerability requires that any feature license is uploaded to the device. The vulnerability does not require that the license be used. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve51693, CSCve91634, CSCve91659, CSCve91663. | |||||
| CVE-2018-11153 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 11 of 46). | |||||
| CVE-2018-11229 | 1 Crestron | 8 Crestron Toolbox Protocol Firmware, Dmc-str, Tsw-1060 and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). | |||||
| CVE-2017-14479 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2018-4923 | 1 Adobe | 1 Connect | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion. | |||||
| CVE-2018-11178 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). | |||||
| CVE-2018-13797 | 1 Node-macaddress Project | 1 Node-macaddress | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. | |||||
| CVE-2018-0217 | 1 Cisco | 6 Asr 5000, Asr 5000 Firmware, Asr 5500 and 3 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection attack on an affected system. The vulnerability is due to insufficient validation of commands that are supplied to certain configurations in the CLI of the affected operating system. An attacker could exploit this vulnerability by injecting crafted arguments into a vulnerable CLI command for an affected system. A successful exploit could allow the attacker to insert and execute arbitrary commands in the CLI of the affected system. To exploit this vulnerability, the attacker would need to authenticate to an affected system by using valid administrator credentials. Cisco Bug IDs: CSCvg29441. | |||||
| CVE-2017-14535 | 1 Netfortris | 1 Trixbox | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | |||||
| CVE-2018-0279 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of command arguments. An attacker could exploit this vulnerability by using crafted arguments when opening a connection to the affected device. An exploit could allow the attacker to gain shell access with a non-root user account to the underlying Linux operating system on the affected device. Due to the system design, access to the Linux shell could allow execution of additional attacks that may have a significant impact on the affected system. This vulnerability affects Cisco devices that are running release 3.7.1, 3.6.3, or earlier releases of Cisco Enterprise NFV Infrastructure Software (NFVIS) when access to the SCP server is allowed on the affected device. Cisco NFVIS Releases 3.5.x and 3.6.x do allow access to the SCP server by default, while Cisco NFVIS Release 3.7.1 does not. Cisco Bug IDs: CSCvh25026. | |||||
| CVE-2018-1000006 | 2 Atom, Microsoft | 4 Electron, Windows 10, Windows 7 and 1 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16. | |||||
| CVE-2018-1000043 | 1 Securityonion | 1 Squert | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0. | |||||
| CVE-2018-1185 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges. | |||||
| CVE-2018-11164 | 1 Quest | 1 Disk Backup | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 22 of 46). | |||||