Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-09-17 | 9.4 Critical |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | ||||
| CVE-2019-11853 | 1 Sierrawireless | 9 Airlink Es450, Airlink Gx450, Airlink Lx40 and 6 more | 2024-09-17 | 3.9 Low |
| Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | ||||
| CVE-2022-26415 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-09-17 | 7.7 High |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2017-8134 | 1 Huawei | 1 Fusionsphere Openstack | 2024-09-17 | N/A |
| The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | ||||
| CVE-2017-8188 | 1 Huawei | 1 Fusionsphere Openstack | 2024-09-17 | N/A |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution. | ||||
| CVE-2019-17101 | 1 Netatmo | 2 Smart Indoor Camera, Smart Indoor Camera Firmware | 2024-09-17 | 5.7 Medium |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions. | ||||
| CVE-2017-1000469 | 1 Cobbler Project | 1 Cobbler | 2024-09-17 | N/A |
| Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | ||||
| CVE-2018-0481 | 1 Cisco | 1 Ios Xe | 2024-09-17 | 6.7 Medium |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exist because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | ||||
| CVE-2022-35266 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-09-17 | 7.5 High |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_firmware/` API. | ||||
| CVE-2017-11391 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2024-09-17 | N/A |
| Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744. | ||||
| CVE-2020-12782 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-09-17 | 9.8 Critical |
| Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | ||||
| CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2024-09-17 | 9.8 Critical |
| The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | ||||
| CVE-2017-1407 | 1 Ibm | 3 Security Identity Governance And Intelligence, Security Identity Manager, Security Privileged Identity Manager | 2024-09-17 | 8.8 High |
| IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. | ||||
| CVE-2016-9044 | 1 Informationbuilders | 1 Webfocus | 2024-09-17 | 8.8 High |
| An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. | ||||
| CVE-2011-4182 | 1 Opensuse | 1 Sysconfig | 2024-09-17 | N/A |
| Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. | ||||
| CVE-2021-4045 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2024-09-17 | 9.8 Critical |
| TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. | ||||
| CVE-2019-9507 | 1 Vertiv | 2 Avocent Umg-4000, Avocent Umg-4000 Firmware | 2024-09-17 | 8.3 High |
| The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root. | ||||
| CVE-2017-8133 | 1 Huawei | 1 Neteco | 2024-09-17 | N/A |
| Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted. | ||||
| CVE-2017-12078 | 1 Synology | 1 Router Manager | 2024-09-17 | N/A |
| Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. | ||||
| CVE-2018-16460 | 1 Umbraengineering | 1 Ps | 2024-09-17 | N/A |
| A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID. | ||||