Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6014 | 1 Dlink | 2 Dba-1510p, Dba-1510p Firmware | 2020-01-07 | 8.3 HIGH | 8.8 HIGH |
| DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute arbitrary OS commands via Web User Interface. | |||||
| CVE-2019-20197 | 1 Nagios | 1 Nagios Xi | 2020-01-07 | 9.0 HIGH | 8.8 HIGH |
| In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account. | |||||
| CVE-2019-10774 | 1 Php-shellcommand Project | 1 Php-shellcommand | 2020-01-03 | 10.0 HIGH | 9.8 CRITICAL |
| php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-18830 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2019-12-23 | 10.0 HIGH | 9.8 CRITICAL |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'. | |||||
| CVE-2019-11399 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2019-12-23 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. OS command injection occurs through the get_set.ccp lanHostCfg_HostName_1.1.1.0.0 parameter. | |||||
| CVE-2019-8513 | 1 Apple | 1 Mac Os X | 2019-12-22 | 7.2 HIGH | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands. | |||||
| CVE-2019-17270 | 1 Yachtcontrol | 1 Yachtcontrol | 2019-12-19 | 10.0 HIGH | 9.8 CRITICAL |
| Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's. | |||||
| CVE-2019-16733 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2019-16737 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The processCommandSetMac() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2019-17364 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2019-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The processCommandUploadLog() function of libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user. | |||||
| CVE-2019-19642 | 1 Supermicro | 3 X8sti-f, X8sti-f Bios, X8sti-f Firmware | 2019-12-18 | 9.0 HIGH | 8.8 HIGH |
| On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. | |||||
| CVE-2019-17501 | 1 Centreon | 1 Centreon | 2019-12-18 | 9.0 HIGH | 8.8 HIGH |
| Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. | |||||
| CVE-2014-0163 | 1 Redhat | 1 Openshift | 2019-12-16 | 9.0 HIGH | 8.8 HIGH |
| Openshift has shell command injection flaws due to unsanitized data being passed into shell commands. | |||||
| CVE-2019-3985 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | |||||
| CVE-2019-3986 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | |||||
| CVE-2019-3987 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | |||||
| CVE-2019-3988 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 8.3 HIGH | 8.8 HIGH |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | |||||
| CVE-2019-3989 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2019-12-13 | 9.3 HIGH | 9.8 CRITICAL |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | |||||
| CVE-2019-16242 | 1 Alcatelmobile | 2 Cingular Flip 2, Cingular Flip 2 Firmware | 2019-12-10 | 7.2 HIGH | 6.8 MEDIUM |
| On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI. | |||||
| CVE-2017-12945 | 1 Mersive | 2 Solstice, Solstice Firmware | 2019-12-04 | 9.0 HIGH | 8.8 HIGH |
| Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root. | |||||