Total
4029 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5265 | 1 Ui | 2 Edgeos, Erlite-3 | 2024-08-05 | N/A |
| Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters. | ||||
| CVE-2018-5371 | 2 D-link, Dlink | 4 Dsl-2540u Firmware, Dsl-2640u Firmware, Dsl-2540u and 1 more | 2024-08-05 | N/A |
| diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | ||||
| CVE-2018-5347 | 1 Seagate | 2 Personal Cloud, Personal Cloud Firmware | 2024-08-05 | N/A |
| Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | ||||
| CVE-2018-4923 | 1 Adobe | 1 Connect | 2024-08-05 | N/A |
| Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion. | ||||
| CVE-2018-4924 | 2 Adobe, Microsoft | 2 Dreamweaver, Windows | 2024-08-05 | N/A |
| Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| CVE-2018-4061 | 1 Sierrawireless | 2 Airlink Es450, Airlink Es450 Firmware | 2024-08-05 | N/A |
| An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3890 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2024-08-05 | 6.8 Medium |
| An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability. | ||||
| CVE-2018-3969 | 1 Getcujo | 1 Smart Firewall | 2024-08-05 | 7.8 High |
| An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf. | ||||
| CVE-2018-3785 | 1 Git-dummy-commit Project | 1 Git-dummy-commit | 2024-08-05 | 9.8 Critical |
| A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. | ||||
| CVE-2018-3746 | 1 Pdfinfojs Project | 1 Pdfinfojs | 2024-08-05 | 9.8 Critical |
| The pdfinfojs NPM module versions <= 0.3.6 has a command injection vulnerability that allows an attacker to execute arbitrary commands on the victim's machine. | ||||
| CVE-2018-1185 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-08-05 | 6.7 Medium |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape from the restricted shell to an interactive shell and run arbitrary commands with root privileges. | ||||
| CVE-2018-1169 | 1 Amazon | 1 Amazon Music | 2024-08-05 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521. | ||||
| CVE-2018-1184 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2024-08-05 | N/A |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges. | ||||
| CVE-2018-1167 | 1 Spotify | 1 Spotify | 2024-08-05 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5501. | ||||
| CVE-2018-1111 | 2 Fedoraproject, Redhat | 11 Fedora, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-08-05 | N/A |
| DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. | ||||
| CVE-2018-0694 | 1 Soliton | 1 Filezen | 2024-08-05 | N/A |
| FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2018-0677 | 1 Panasonic | 2 Bn-sdwbp3, Bn-sdwbp3 Firmware | 2024-08-05 | N/A |
| BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2018-0627 | 1 Nec | 2 Aterm Wg1200hp, Aterm Wg1200hp Firmware | 2024-08-05 | N/A |
| Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. | ||||
| CVE-2018-0635 | 1 Nec | 2 Aterm Hc100rc, Aterm Hc100rc Firmware | 2024-08-05 | N/A |
| Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. | ||||
| CVE-2018-0643 | 2 Canonical, Orcamo | 2 Ubuntu Linux, Online Receipt Computer Advantage | 2024-08-05 | N/A |
| Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||||