Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10783 | 1 Isof Project | 1 Isof | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. | |||||
| CVE-2018-9086 | 1 Lenovo | 8 Thinkserver Rd340, Thinkserver Rd340 Firmware, Thinkserver Rd440 and 5 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users. | |||||
| CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | |||||
| CVE-2019-10669 | 1 Librenms | 1 Librenms | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru(). | |||||
| CVE-2019-10061 | 1 Node-opencv Project | 1 Node-opencv | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands. | |||||
| CVE-2019-1010179 | 1 Phkp Project | 1 Phkp | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search. | |||||
| CVE-2019-6620 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4 and BIG-IQ 6.0.0-6.1.0 and 5.1.0-5.4.0, an undisclosed iControl REST worker vulnerable to command injection for an Administrator user. | |||||
| CVE-2019-13128 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. | |||||
| CVE-2019-12997 | 1 Icon | 1 Loopchain | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). | |||||
| CVE-2019-13025 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem. | |||||
| CVE-2019-12992 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | |||||
| CVE-2019-12991 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | |||||
| CVE-2019-12988 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | |||||
| CVE-2019-12987 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | |||||
| CVE-2019-12986 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | |||||
| CVE-2019-12985 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | |||||
| CVE-2019-12929 | 1 Qemu | 1 Qemu | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue. | |||||
| CVE-2019-12928 | 1 Qemu | 1 Qemu | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue. | |||||
| CVE-2019-12840 | 1 Webmin | 1 Webmin | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | |||||
| CVE-2019-12839 | 1 Orangehrm | 1 Orangehrm | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution. | |||||