Total
2537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16460 | 1 Umbraengineering | 1 Ps | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. | |||||
| CVE-2018-16417 | 2 Arubanetworks, Siemens | 3 Instant, W1750d, W1750d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | |||||
| CVE-2018-15356 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. | |||||
| CVE-2018-14893 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | |||||
| CVE-2018-14746 | 1 Qnap | 1 Qts | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | |||||
| CVE-2018-14649 | 1 Redhat | 5 Ceph-iscsi-cli, Ceph Storage, Enterprise Linux Desktop and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions. | |||||
| CVE-2018-14067 | 1 Greenpacket | 2 Dv-360, Dv-360 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces (including the external Internet) by default. NOTE: this may overlap CVE-2017-9980. | |||||
| CVE-2018-12465 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | |||||
| CVE-2018-11106 | 1 Netgear | 10 Wc7500, Wc7500 Firmware, Wc7520 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. | |||||
| CVE-2018-1000802 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. | |||||
| CVE-2018-0730 | 1 Qnap | 1 Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This command injection vulnerability in File Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating QTS to their latest versions. | |||||
| CVE-2018-0729 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This command injection vulnerability in Music Station allows attackers to execute commands on the affected device. To fix the vulnerability, QNAP recommend updating Music Station to their latest versions. | |||||
| CVE-2018-0718 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | |||||
| CVE-2018-0714 | 1 Qnap | 2 Helpdesk, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | |||||
| CVE-2018-0712 | 1 Qnap | 1 Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. | |||||
| CVE-2018-0481 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | |||||
| CVE-2018-0477 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | |||||
| CVE-2018-0454 | 1 Cisco | 2 Cloud Services Platform 2100, Cloud Services Platform 2100 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. | |||||
| CVE-2018-0433 | 1 Cisco | 12 Vbond Orchestrator, Vedge 100, Vedge 1000 and 9 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
| CVE-2018-0431 | 1 Cisco | 1 Unified Computing System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. | |||||