Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8968 | 1 Squareup | 1 Git-fastclone | 2020-06-10 | 9.3 HIGH | 8.8 HIGH |
| git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories. | |||||
| CVE-2016-5397 | 1 Apache | 1 Thrift | 2020-06-04 | 9.0 HIGH | 8.8 HIGH |
| The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0. | |||||
| CVE-2017-15889 | 1 Synology | 1 Diskstation Manager | 2020-05-22 | 6.5 MEDIUM | 8.8 HIGH |
| Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | |||||
| CVE-2017-14592 | 1 Atlassian | 1 Sourcetree | 2020-05-11 | 9.0 HIGH | 8.8 HIGH |
| Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. | |||||
| CVE-2015-8971 | 2 Debian, Enlightenment | 2 Debian Linux, Terminology | 2020-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | |||||
| CVE-2017-15940 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 9.8 CRITICAL |
| The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-5390 | 1 Hp | 1 Intelligent Management Center | 2020-01-03 | 10.0 HIGH | 9.8 CRITICAL |
| A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2015-8103 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2019-12-17 | 7.5 HIGH | N/A |
| The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | |||||
| CVE-2014-1203 | 1 Eyou | 1 Eyou | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. | |||||
| CVE-2019-5413 | 1 Morgan Project | 1 Morgan | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | |||||
| CVE-2019-1624 | 1 Cisco | 1 Sd-wan | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
| CVE-2019-12805 | 1 Ncsoft | 1 Nc Launcher2 | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user. | |||||
| CVE-2019-12591 | 1 Netgear | 1 Insight | 2019-10-09 | 6.5 MEDIUM | 7.6 HIGH |
| NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | |||||
| CVE-2018-5428 | 1 Tibco | 1 Data Virtualization | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. | |||||
| CVE-2018-5439 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. | |||||
| CVE-2018-1212 | 1 Dell | 2 Idrac6 Modular, Idrac6 Monolithic | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. | |||||
| CVE-2018-1244 | 1 Dell | 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. | |||||
| CVE-2018-19013 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 4.9 MEDIUM | 5.0 MEDIUM |
| An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | |||||
| CVE-2018-0431 | 1 Cisco | 1 Unified Computing System | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device. | |||||
| CVE-2018-0454 | 1 Cisco | 2 Cloud Services Platform 2100, Cloud Services Platform 2100 Firmware | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. The vulnerability is due to insufficient input validation of command input. An attacker could exploit this vulnerability by sending customized commands to the web-based management interface. | |||||