Total
4032 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-08-04 | N/A |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | ||||
| CVE-2019-10803 | 1 Push-dir Project | 1 Push-dir | 2024-08-04 | 9.8 Critical |
| push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | ||||
| CVE-2019-10880 | 1 Xerox | 10 Colorqube 8700, Colorqube 8700 Firmware, Colorqube 8900 and 7 more | 2024-08-04 | N/A |
| Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. | ||||
| CVE-2019-10791 | 1 Promise-probe Project | 1 Promise-probe | 2024-08-04 | 9.8 Critical |
| promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. | ||||
| CVE-2019-10774 | 1 Php-shellcommand Project | 1 Php-shellcommand | 2024-08-04 | 9.8 Critical |
| php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-10788 | 1 Dnt | 1 Im-metadata | 2024-08-04 | 9.8 Critical |
| im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function. | ||||
| CVE-2019-10783 | 1 Isof Project | 1 Isof | 2024-08-04 | 9.8 Critical |
| All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. | ||||
| CVE-2019-10804 | 1 Serial-number Project | 1 Serial-number | 2024-08-04 | 9.8 Critical |
| serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. | ||||
| CVE-2019-10796 | 1 Rpi Project | 1 Rpi | 2024-08-04 | 9.8 Critical |
| rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. | ||||
| CVE-2019-10787 | 1 Dnt | 1 Im-resize | 2024-08-04 | 9.8 Critical |
| im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. | ||||
| CVE-2019-10799 | 1 Compile-sass Project | 1 Compile-sass | 2024-08-04 | 8.2 High |
| compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. | ||||
| CVE-2019-10778 | 1 Devcert-sanscache Project | 1 Devcert-sanscache | 2024-08-04 | 9.8 Critical |
| devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization. | ||||
| CVE-2019-10776 | 1 Git-diff-apply Project | 1 Git-diff-apply | 2024-08-04 | 9.8 Critical |
| In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. | ||||
| CVE-2019-10802 | 1 Mangoraft | 1 Giting | 2024-08-04 | 9.8 Critical |
| giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | ||||
| CVE-2019-10780 | 1 Bibtex-ruby Project | 1 Bibtex-ruby | 2024-08-04 | 9.8 Critical |
| BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. | ||||
| CVE-2019-10777 | 1 Amazon | 1 Aws Lambda | 2024-08-04 | 9.8 Critical |
| In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | ||||
| CVE-2019-10786 | 1 Network-manager Project | 1 Network-manager | 2024-08-04 | 9.8 Critical |
| network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | ||||
| CVE-2019-10789 | 1 Curling Project | 1 Curling | 2024-08-04 | 9.8 Critical |
| All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | ||||
| CVE-2019-10655 | 1 Grandstream | 10 Gac2500, Gac2500 Firmware, Gvc3202 and 7 more | 2024-08-04 | 9.8 Critical |
| Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | ||||
| CVE-2019-10660 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2024-08-04 | 8.8 High |
| Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field. | ||||