Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-77
Total 1397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10329 1 Synology 1 Photo Station 2019-10-09 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
CVE-2018-8306 1 Microsoft 2 Wireless Display Adapter, Wireless Display Adapter Firmware 2019-10-02 5.2 MEDIUM 5.5 MEDIUM
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software.
CVE-2018-17445 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2019-10-02 7.5 HIGH 9.8 CRITICAL
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
CVE-2018-17172 1 Xerox 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more 2019-10-02 7.5 HIGH 9.8 CRITICAL
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection.
CVE-2018-15356 1 Eltex 2 Esp-200, Esp-200 Firmware 2019-10-02 6.5 MEDIUM 8.8 HIGH
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
CVE-2018-20236 1 Atlassian 1 Sourcetree 2019-10-02 9.3 HIGH 8.8 HIGH
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system.
CVE-2018-14746 1 Qnap 1 Qts 2019-10-02 10.0 HIGH 9.8 CRITICAL
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS.
CVE-2018-7785 1 Schneider-electric 1 U.motion Builder 2019-10-02 7.5 HIGH 9.8 CRITICAL
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
CVE-2018-0718 1 Qnap 2 Music Station, Qts 2019-10-02 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.
CVE-2018-0712 1 Qnap 1 Qts 2019-10-02 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS.
CVE-2018-0714 1 Qnap 2 Helpdesk, Qts 2019-10-02 7.5 HIGH 9.8 CRITICAL
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.
CVE-2017-7161 2 Apple, Canonical 2 Safari, Ubuntu Linux 2019-10-02 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.
CVE-2017-6650 1 Cisco 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more 2019-10-02 4.6 MEDIUM 7.8 HIGH
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.
CVE-2017-6649 1 Cisco 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more 2019-10-02 4.6 MEDIUM 7.8 HIGH
A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555.
CVE-2017-15403 1 Google 2 Chrome, Chrome Os 2019-10-02 4.4 MEDIUM 7.3 HIGH
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page.
CVE-2017-14593 1 Atlassian 1 Sourcetree 2019-10-02 9.0 HIGH 8.8 HIGH
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability
CVE-2017-12335 1 Cisco 2 Nx-os, Unified Computing System 2019-10-02 4.6 MEDIUM 6.3 MEDIUM
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095.
CVE-2019-12104 1 Tp-link 2 M7350, M7350 Firmware 2019-08-19 9.0 HIGH 8.8 HIGH
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
CVE-2017-18400 1 Cpanel 1 Cpanel 2019-08-13 7.2 HIGH 7.8 HIGH
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
CVE-2016-3081 2 Apache, Oracle 2 Struts, Siebel E-billing 2019-08-12 9.3 HIGH 8.1 HIGH
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.