Total
2537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3772 | 1 Whereis Project | 1 Whereis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. The `whereis` module is deprecated and it is recommended to use the `which` npm module instead. | |||||
| CVE-2018-3746 | 1 Pdfinfojs Project | 1 Pdfinfojs | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | |||||
| CVE-2018-20523 | 1 Mi | 37 Redmi 4a, Redmi 4a Firmware, Redmi 5 Plus and 34 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request. | |||||
| CVE-2018-20236 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. | |||||
| CVE-2018-1244 | 1 Dell | 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. | |||||
| CVE-2018-1212 | 1 Dell | 2 Idrac6 Modular, Idrac6 Monolithic | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. | |||||
| CVE-2018-1111 | 2 Fedoraproject, Redhat | 7 Fedora, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | 7.9 HIGH | 7.5 HIGH |
| DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. | |||||
| CVE-2018-19950 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | |||||
| CVE-2018-19911 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. | |||||
| CVE-2018-19451 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19450 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19445 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19418 | 2 Foxitsoftware, Microsoft | 2 Pdf Activex, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | |||||
| CVE-2018-19031 | 1 360 | 10 Safe Router P0, Safe Router P0 Firmware, Safe Router P1 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897. | |||||
| CVE-2018-19015 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
| An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. | |||||
| CVE-2018-19013 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 4.9 MEDIUM | 5.0 MEDIUM |
| An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | |||||
| CVE-2018-17445 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
| CVE-2018-17172 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | |||||
| CVE-2018-16462 | 1 Apex-publish-static-files Project | 1 Apex-publish-static-files | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument. | |||||
| CVE-2018-16461 | 1 Libnmap Project | 1 Libnmap | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options. | |||||