Total
2912 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15575 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope. | ||||
| CVE-2019-15051 | 1 Softing | 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | ||||
| CVE-2019-15010 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 8.8 High |
| Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance. | ||||
| CVE-2019-14868 | 4 Apple, Debian, Ksh Project and 1 more | 8 Mac Os X, Debian Linux, Ksh and 5 more | 2024-11-21 | 7.4 High |
| In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely. | ||||
| CVE-2019-14745 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | ||||
| CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.8 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | ||||
| CVE-2019-13552 | 1 Advantech | 1 Webaccess | 2024-11-21 | 8.8 High |
| In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | ||||
| CVE-2019-13152 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Gaming Rule. | ||||
| CVE-2019-13150 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr. | ||||
| CVE-2019-13148 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule. | ||||
| CVE-2019-13139 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2024-11-21 | N/A |
| In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag. | ||||
| CVE-2019-13024 | 1 Centreon | 1 Centreon | 2024-11-21 | N/A |
| Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands). | ||||
| CVE-2019-12921 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more | 2024-11-21 | 6.5 Medium |
| In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | ||||
| CVE-2019-12805 | 1 Ncsoft | 1 Nc Launcher2 | 2024-11-21 | 8.8 High |
| NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user. | ||||
| CVE-2019-12786 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. | ||||
| CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 9.8 Critical |
| JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | ||||
| CVE-2019-12661 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 6.7 Medium |
| A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. | ||||
| CVE-2019-12629 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2024-11-21 | 7.2 High |
| A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. | ||||
| CVE-2019-12591 | 1 Netgear | 1 Insight | 2024-11-21 | N/A |
| NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | ||||
| CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | ||||