Total
945 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7825 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | |||||
| CVE-2018-5428 | 1 Tibco | 1 Data Virtualization | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. | |||||
| CVE-2018-20236 | 1 Atlassian | 1 Sourcetree | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. | |||||
| CVE-2018-1244 | 1 Dell | 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. | |||||
| CVE-2018-1212 | 1 Dell | 2 Idrac6 Modular, Idrac6 Monolithic | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. | |||||
| CVE-2018-19911 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. | |||||
| CVE-2018-19451 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19450 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19445 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19418 | 2 Foxitsoftware, Microsoft | 2 Pdf Activex, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | |||||
| CVE-2018-19031 | 1 360 | 10 Safe Router P0, Safe Router P0 Firmware, Safe Router P1 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897. | |||||
| CVE-2018-16417 | 2 Arubanetworks, Siemens | 3 Instant, W1750d, W1750d Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection. | |||||
| CVE-2018-15356 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. | |||||
| CVE-2018-14893 | 1 Zyxel | 2 Nsa325 V2, Nsa325 V2 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API. | |||||
| CVE-2018-0454 | 1 Cisco | 2 Cloud Services Platform 2100, Cloud Services Platform 2100 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. | |||||
| CVE-2018-0431 | 1 Cisco | 1 Unified Computing System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. | |||||
| CVE-2018-0430 | 1 Cisco | 1 Unified Computing System | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. | |||||
| CVE-2018-0351 | 1 Cisco | 19 Vbond Orchestrator, Vedge-100, Vedge-1000 and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the command-line tcpdump utility in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the tcpdump utility. The attacker must be authenticated to access the tcpdump utility. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69751. | |||||
| CVE-2018-0350 | 1 Cisco | 19 Vbond Orchestrator, Vedge-100, Vedge-1000 and 16 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page. The attacker must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69808, CSCvi69810, CSCvi69814, CSCvi69822, CSCvi69827, CSCvi69828, CSCvi69836. | |||||
| CVE-2018-0347 | 1 Cisco | 19 Vbond Orchestrator, Vedge-100, Vedge-1000 and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting malicious input to the affected parameter. The attacker must be authenticated to access the affected parameter. A successful exploit could allow an attacker to execute commands with root privileges. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers. Cisco Bug IDs: CSCvi69906. | |||||