Total
2537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11535 | 1 Linksys | 4 Re6300, Re6300 Firmware, Re6400 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. | |||||
| CVE-2019-11279 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | |||||
| CVE-2019-11278 | 1 Cloudfoundry | 1 User Account And Authentication | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | |||||
| CVE-2019-11217 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request. | |||||
| CVE-2019-11076 | 1 Cribl | 1 Cribl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. | |||||
| CVE-2019-10854 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Computrols CBAS 18.0.0 allows Authenticated Command Injection. | |||||
| CVE-2019-10640 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | |||||
| CVE-2019-10095 | 1 Apache | 1 Zeppelin | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | |||||
| CVE-2019-1010174 | 2 Cimg, Debian | 2 Cimg Library, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. | |||||
| CVE-2018-8306 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software. | |||||
| CVE-2018-7826 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | |||||
| CVE-2018-7825 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | |||||
| CVE-2018-7785 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | |||||
| CVE-2018-5439 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. | |||||
| CVE-2018-5428 | 1 Tibco | 1 Data Virtualization | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. | |||||
| CVE-2018-5412 | 1 Imperva | 1 Securesphere | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | |||||
| CVE-2018-5403 | 1 Imperva | 1 Securesphere | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. | |||||
| CVE-2018-3963 | 1 Getcujo | 1 Smart Firewall | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. | |||||
| CVE-2018-3786 | 1 Eggjs | 1 Egg-scripts | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. | |||||
| CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||