Total
4032 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13155 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-04 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the IP Address in Add Virtual Server. | ||||
| CVE-2019-13128 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-08-04 | N/A |
| An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings. | ||||
| CVE-2019-13153 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-04 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the Private Port in Add Virtual Server. | ||||
| CVE-2019-13154 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-04 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the TCP Ports To Open in Add Gaming Rule. | ||||
| CVE-2019-13151 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-08-04 | N/A |
| An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the action set_sta_enrollee_pin_5g and the key wps_sta_enrollee_pin. | ||||
| CVE-2019-13051 | 1 Pi-hole | 1 Pi-hole | 2024-08-04 | 8.8 High |
| Pi-Hole 4.3 allows Command Injection. | ||||
| CVE-2019-12997 | 1 Icon | 1 Loopchain | 2024-08-04 | N/A |
| In Loopchain through 2.2.1.3, an attacker can escalate privileges from a low-privilege shell by changing the environment (aka injection in the DEFAULT_SCORE_HOST environment variable). | ||||
| CVE-2019-13025 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2024-08-04 | 9.8 Critical |
| Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorrect Access Control because of Improper Input Validation. The attacker can send a maliciously modified POST (HTTP) request containing shell commands, which will be executed on the device, to an backend API endpoint of the cable modem. | ||||
| CVE-2019-12987 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | ||||
| CVE-2019-12992 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | ||||
| CVE-2019-12986 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | ||||
| CVE-2019-12988 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | ||||
| CVE-2019-12991 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | ||||
| CVE-2019-12985 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | ||||
| CVE-2019-12771 | 1 Thinstation Project | 1 Thinstation | 2024-08-04 | N/A |
| Command injection is possible in ThinStation through 6.1.1 via shell metacharacters after the cgi-bin/CdControl.cgi action= substring, or after the cgi-bin/VolControl.cgi OK= substring. | ||||
| CVE-2019-12811 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2024-08-04 | 9.8 Critical |
| ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution | ||||
| CVE-2019-12839 | 1 Orangehrm | 1 Orangehrm | 2024-08-04 | N/A |
| In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution. | ||||
| CVE-2019-12840 | 1 Webmin | 1 Webmin | 2024-08-04 | N/A |
| In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | ||||
| CVE-2019-12787 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2024-08-04 | 8.8 High |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. | ||||
| CVE-2019-12812 | 2 Activesoft, Microsoft | 2 Mybuilder, Windows | 2024-08-04 | 9.8 Critical |
| MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution. | ||||