Total
2452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6662 | 2 Apple, Mcafee | 2 Mac Os X, Management Of Native Encryption | 2023-03-03 | 7.2 HIGH | 7.8 HIGH |
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | |||||
CVE-2019-3417 | 1 Zte | 2 Zxhn F670, Zxhn F670 Firmware | 2023-03-03 | 9.0 HIGH | 8.8 HIGH |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. | |||||
CVE-2020-35476 | 1 Opentsdb | 1 Opentsdb | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.) | |||||
CVE-2020-13388 | 1 Python | 1 Jw.util | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. | |||||
CVE-2023-0935 | 1 Dolphinphp Project | 1 Dolphinphp | 2023-03-02 | N/A | 9.8 CRITICAL |
A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221551. | |||||
CVE-2019-1776 | 1 Cisco | 134 7000 10-slot, 7000 18-slot, 7000 4-slot and 131 more | 2023-03-01 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
CVE-2019-1778 | 1 Cisco | 67 N9k-c9504-fm-r, N9k-c9508-fm-r, N9k-x96136yc-r and 64 more | 2023-03-01 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
CVE-2019-1774 | 1 Cisco | 129 7000 10-slot, 7000 18-slot, 7000 4-slot and 126 more | 2023-03-01 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
CVE-2019-1775 | 1 Cisco | 129 7000 10-slot, 7000 18-slot, 7000 4-slot and 126 more | 2023-03-01 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
CVE-2022-43548 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2023-03-01 | N/A | 8.1 HIGH |
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix. | |||||
CVE-2019-11062 | 1 Sun.net | 1 Wmpro | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL |
The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | |||||
CVE-2022-2068 | 6 Broadcom, Debian, Fedoraproject and 3 more | 43 Sannav, Debian Linux, Fedora and 40 more | 2023-03-01 | 10.0 HIGH | 9.8 CRITICAL |
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | |||||
CVE-2019-7256 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2023-03-01 | 10.0 HIGH | 10.0 CRITICAL |
Linear eMerge E3-Series devices allow Command Injections. | |||||
CVE-2019-10662 | 1 Grandstream | 2 Ucm6204, Ucm6204 Firmware | 2023-03-01 | 9.0 HIGH | 8.8 HIGH |
Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI. | |||||
CVE-2019-10660 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | |||||
CVE-2019-10659 | 1 Grandstream | 4 Gxv3370, Gxv3370 Firmware, Wp820 and 1 more | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field. | |||||
CVE-2019-10658 | 1 Grandstream | 2 Gwn7610, Gwn7610 Firmware | 2023-03-01 | 6.5 MEDIUM | 8.8 HIGH |
Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call. | |||||
CVE-2019-10657 | 1 Grandstream | 4 Gwn7000, Gwn7000 Firmware, Gwn7610 and 1 more | 2023-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request. | |||||
CVE-2022-45939 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Emacs | 2023-03-01 | N/A | 7.8 HIGH |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2019-10656 | 1 Grandstream | 2 Gwn7000, Gwn7000 Firmware | 2023-03-01 | 9.0 HIGH | 8.8 HIGH |
Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call. |