Total
1397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10329 | 1 Synology | 1 Photo Station | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | |||||
CVE-2018-8306 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2019-10-02 | 5.2 MEDIUM | 5.5 MEDIUM |
A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software. | |||||
CVE-2018-17445 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
CVE-2018-17172 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. | |||||
CVE-2018-15356 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2019-10-02 | 6.5 MEDIUM | 8.8 HIGH |
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. | |||||
CVE-2018-20236 | 1 Atlassian | 1 Sourcetree | 2019-10-02 | 9.3 HIGH | 8.8 HIGH |
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. | |||||
CVE-2018-14746 | 1 Qnap | 1 Qts | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. | |||||
CVE-2018-7785 | 1 Schneider-electric | 1 U.motion Builder | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | |||||
CVE-2018-0718 | 1 Qnap | 2 Music Station, Qts | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application. | |||||
CVE-2018-0712 | 1 Qnap | 1 Qts | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run arbitrary commands or install malware on the NAS. | |||||
CVE-2018-0714 | 1 Qnap | 2 Helpdesk, Qts | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. | |||||
CVE-2017-7161 | 2 Apple, Canonical | 2 Safari, Ubuntu Linux | 2019-10-02 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection. | |||||
CVE-2017-6650 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. | |||||
CVE-2017-6649 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555. | |||||
CVE-2017-15403 | 1 Google | 2 Chrome, Chrome Os | 2019-10-02 | 4.4 MEDIUM | 7.3 HIGH |
Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page. | |||||
CVE-2017-14593 | 1 Atlassian | 1 Sourcetree | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability | |||||
CVE-2017-12335 | 1 Cisco | 2 Nx-os, Unified Computing System | 2019-10-02 | 4.6 MEDIUM | 6.3 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095. | |||||
CVE-2019-12104 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-08-19 | 9.0 HIGH | 8.8 HIGH |
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. | |||||
CVE-2017-18400 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | |||||
CVE-2016-3081 | 2 Apache, Oracle | 2 Struts, Siebel E-billing | 2019-08-12 | 9.3 HIGH | 8.1 HIGH |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. |