Total: 789 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-7839 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7610 | 1 Elastic | 1 Kibana | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL | Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
CVE-2019-7537 | 1 Pytroll | 1 Donfig | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution.
CVE-2019-7198 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero: QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later.
CVE-2019-6288 | 1 Edge-core | 2 Ecs2020, Ecs2020 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI.
CVE-2019-5413 | 1 Morgan Project | 1 Morgan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
CVE-2019-5390 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-25029 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
CVE-2019-1584 | 1 Zingbox | 1 Inspector | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
CVE-2019-19875 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.
CVE-2019-18780 | 3 Linux, Microsoft, Veritas | 8 Linux Kernel, Windows, Access and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
CVE-2019-17361 | 3 Debian, Opensuse, Saltstack | 3 Debian Linux, Leap, Salt | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL | In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.
CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.
CVE-2019-11535 | 1 Linksys | 4 Re6300, Re6300 Firmware, Re6400 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
CVE-2019-11217 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request.
CVE-2019-11076 | 1 Cribl | 1 Cribl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request.
CVE-2019-10095 | 1 Apache | 1 Zeppelin | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
CVE-2019-1010174 | 2 Cimg, Debian | 2 Cimg Library, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.
CVE-2018-7785 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
CVE-2018-5439 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.