Total: 2087 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-12736 | 1 Jetbrains | 1 Ktor | 2024-08-04 | 9.8 Critical |
JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection. | ||||
CVE-2019-12591 | 1 Netgear | 1 Insight | 2024-08-04 | N/A |
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | ||||
CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 8.8 High |
An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | ||||
CVE-2019-12104 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-08-04 | N/A |
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. | ||||
CVE-2019-11751 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-08-04 | 8.8 High |
Logging-related command line parameters are not properly sanitized when Firefox is launched by another program, such as when a user clicks on malicious links in a chat application. This can be used to write a log file to an arbitrary location such as the Windows 'Startup' folder. Note: this issue only affects Firefox on Windows operating systems. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | ||||
CVE-2019-11535 | 1 Linksys | 4 Re6300, Re6300 Firmware, Re6400 and 1 more | 2024-08-04 | N/A |
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI. | ||||
CVE-2019-11217 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-08-04 | N/A |
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted HTTP request. | ||||
CVE-2019-11076 | 1 Cribl | 1 Cribl | 2024-08-04 | N/A |
Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. | ||||
CVE-2019-10854 | 1 Computrols | 1 Computrols Building Automation Software | 2024-08-04 | N/A |
Computrols CBAS 18.0.0 allows Authenticated Command Injection. | ||||
CVE-2019-10640 | 1 Gitlab | 1 Gitlab | 2024-08-04 | N/A |
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | ||||
CVE-2019-8341 | 2 Opensuse, Pocoo | 2 Leap, Jinja2 | 2024-08-04 | 9.8 Critical |
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing. | ||||
CVE-2019-10095 | 1 Apache | 1 Zeppelin | 2024-08-04 | 9.8 Critical |
Bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin version 0.9.0 and prior versions. | ||||
CVE-2019-9972 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2024-08-04 | 8.8 High |
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | ||||
CVE-2019-9743 | 1 Phoenixcontact | 4 Rad-80211-xd, Rad-80211-xd/hp-bus, Rad-80211-xd/hp-bus Firmware and 1 more | 2024-08-04 | N/A |
An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices. Command injection can occur in the WebHMI component. | ||||
CVE-2019-9467 | 1 Google | 1 Android | 2024-08-04 | 6.7 Medium |
In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-80316910. | ||||
CVE-2019-9254 | 1 Google | 1 Android | 2024-08-04 | N/A |
In readArgumentList of zygote.java in Android 10, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2019-9059 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-08-04 | N/A |
An issue was discovered in CMS Made Simple 2.2.8. It is possible, with an administrator account, to achieve command injection by modifying the path of the e-mail executable in Mail Settings, setting "sendmail" in the "Mailer" option, and launching the "Forgot your password" feature. | ||||
CVE-2019-8255 | 4 Adobe, Apple, Linux and 1 more | 4 Brackets, Mac Os X, Linux Kernel and 1 more | 2024-08-04 | 9.8 Critical |
Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2019-8073 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 9.8 Critical |
ColdFusion 2018 update 4 and earlier and ColdFusion 2016 update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
CVE-2019-8060 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-08-04 | 9.8 Critical |
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |