Total
2087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8088 | 1 Adobe | 1 Experience Manager | 2024-08-04 | 9.8 Critical |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7989 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2024-08-04 | N/A |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7968 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2024-08-04 | N/A |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7839 | 1 Adobe | 1 Coldfusion | 2024-08-04 | N/A |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7850 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-08-04 | N/A |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | ||||
| CVE-2019-7610 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-08-04 | N/A |
| Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2019-7537 | 1 Pytroll | 1 Donfig | 2024-08-04 | N/A |
| An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. | ||||
| CVE-2019-6739 | 1 Malwarebytes | 1 Antimalware | 2024-08-04 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162. | ||||
| CVE-2019-6689 | 1 Dillonkane | 1 Tidal Workload Automation | 2024-08-04 | N/A |
| An issue was discovered in Dillon Kane Tidal Workload Automation Agent 3.2.0.5 (formerly known as Cisco Workload Automation or CWA). The Enterprise Scheduler for AIX allows local users to gain privileges via Command Injection in crafted Tidal Job Buffers (TJB) parameters. NOTE: this vulnerability exists because the CVE-2014-3272 solution did not address AIX operating systems. | ||||
| CVE-2019-6622 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-04 | N/A |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, and 11.5.1-11.6.4, an undisclosed iControl REST worker is vulnerable to command injection by an administrator or resource administrator user. This attack is only exploitable on multi-bladed systems. | ||||
| CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | ||||
| CVE-2019-6579 | 1 Siemens | 1 Spectrum Power 4 | 2024-08-04 | 9.8 Critical |
| A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2019-6275 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-08-04 | N/A |
| Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | ||||
| CVE-2019-6272 | 1 Gl-inet | 2 Gl-ar300m-lite, Gl-ar300m-lite Firmware | 2024-08-04 | N/A |
| Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code. | ||||
| CVE-2019-6288 | 1 Edge-core | 2 Ecs2020, Ecs2020 Firmware | 2024-08-04 | 9.8 Critical |
| Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | ||||
| CVE-2019-5420 | 3 Debian, Fedoraproject, Rubyonrails | 3 Debian Linux, Fedora, Rails | 2024-08-04 | 9.8 Critical |
| A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | ||||
| CVE-2019-5424 | 1 Ui | 1 Edgeswitch X | 2024-08-04 | 8.8 High |
| In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user. | ||||
| CVE-2019-5446 | 1 Ui | 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more | 2024-08-04 | 7.2 High |
| Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root. | ||||
| CVE-2019-5413 | 1 Morgan Project | 1 Morgan | 2024-08-04 | N/A |
| An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1. | ||||
| CVE-2019-5414 | 1 Kill-port Project | 1 Kill-port | 2024-08-04 | N/A |
| If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. | ||||