Total
2086 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10514 | 1 Icatchinc | 1 Dvr Firmware | 2024-09-16 | 8.8 High |
iCatch DVR firmware before 20200103 does not validate function parameters properly, allowing attackers to execute arbitrary commands. | ||||
CVE-2019-12651 | 1 Cisco | 5 Cloud Services Router 1000v, Cloud Services Router 1000v Firmware, Integrated Services Virtual Router and 2 more | 2024-09-16 | 8.8 High |
Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2022-35265 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-09-16 | 7.5 High |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_nodejs_app/` API. | ||||
CVE-2021-34809 | 1 Synology | 1 Download Station | 2024-09-16 | 9.9 Critical |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
CVE-2018-0477 | 1 Cisco | 1 Ios Xe | 2024-09-16 | 6.7 Medium |
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, failing to prevent access to certain internal data structures on an affected device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit these vulnerabilities on the device by executing CLI commands that contain custom arguments. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the affected device. | ||||
CVE-2017-13071 | 1 Qnap | 2 Qts, Video Station | 2024-09-16 | N/A |
QNAP has already patched this vulnerability. This security concern allows a remote attacker to run arbitrary commands on the QNAP Video Station 5.1.3 (for QTS 4.3.3), 5.2.0 (for QTS 4.3.4), and earlier. | ||||
CVE-2020-2490 | 1 Qnap | 1 Qts | 2024-09-16 | 7.2 High |
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. | ||||
CVE-2021-31358 | 1 Juniper | 1 Junos Os Evolved | 2024-09-16 | 7.8 High |
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S2-EVO; 21.1 versions prior to 21.1R2-EVO; 21.2 versions prior to 21.2R1-S1-EVO, 21.2R2-EVO. | ||||
CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2024-09-16 | 9.4 Critical |
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | ||||
CVE-2018-0433 | 1 Cisco | 12 Vbond Orchestrator, Vedge 100, Vedge 1000 and 9 more | 2024-09-16 | 7.8 High |
A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | ||||
CVE-2022-2068 | 7 Broadcom, Debian, Fedoraproject and 4 more | 49 Sannav, Debian Linux, Fedora and 46 more | 2024-09-16 | 9.8 Critical |
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | ||||
CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2024-09-16 | 9.4 Critical |
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | ||||
CVE-2018-19013 | 1 Omron | 1 Cx-supervisor | 2024-09-16 | N/A |
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | ||||
CVE-2020-2507 | 1 Qnap | 1 Helpdesk | 2024-09-16 | 9.8 Critical |
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||||
CVE-2022-2143 | 1 Advantech | 1 Iview | 2024-09-16 | 9.8 Critical |
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
CVE-2019-4635 | 1 Ibm | 1 Security Secret Server | 2024-09-16 | 2.7 Low |
IBM Security Secret Server 10.7 could allow a privileged user to perform unauthorized command injection due to improper input neutralization of special elements. IBM X-Force ID: 170011. | ||||
CVE-2019-1893 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2024-09-16 | 7.8 High |
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file that is accessible to a local shell user. An attacker could exploit this vulnerability by including malicious input during the execution of this file. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. | ||||
CVE-2014-10075 | 1 Karo Project | 1 Karo | 2024-09-16 | N/A |
The karo gem 2.3.8 for Ruby allows Remote command injection via the host field. | ||||
CVE-2024-3154 | 1 Redhat | 1 Openshift | 2024-09-16 | 7.2 High |
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. | ||||
CVE-2018-20236 | 1 Atlassian | 1 Sourcetree | 2024-09-16 | N/A |
There was a command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcetree for Windows to exploit this issue to gain code execution on the system. |