Total: 3297 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19487 | 1 Centreon | 1 Centreon | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | |||||
CVE-2020-3276 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. | |||||
CVE-2020-3207 | 1 Cisco | 56 Catalyst 3650-12x48uq, Catalyst 3650-12x48ur, Catalyst 3650-12x48uz and 53 more | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges. | |||||
CVE-2020-13919 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve command injection via a crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
CVE-2020-12774 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary commands. | |||||
CVE-2020-7645 | 1 Google | 1 Chrome-launcher | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems. | |||||
CVE-2020-7640 | 1 Pixlcore | 1 Pixl-class | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization. | |||||
CVE-2018-21127 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
CVE-2020-5561 | 1 Keijiban Tsumiki Project | 1 Keijiban Tsumiki | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2020-5332 | 1 Rsa | 1 Archer | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. An authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. | |||||
CVE-2018-21098 | 1 Netgear | 2 R7800, R7800 Firmware | 2023-12-10 | 5.2 MEDIUM | 6.8 MEDIUM |
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
CVE-2020-15608 | 1 Control-webpanel | 1 Webpanel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the ai_service parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9724. | |||||
CVE-2018-21157 | 1 Netgear | 18 D7800, D7800 Firmware, R6700 and 15 more | 2023-12-10 | 5.2 MEDIUM | 6.8 MEDIUM |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | |||||
CVE-2020-12107 | 1 Stengg | 2 Vpncrypt M10, Vpncrypt M10 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command injection via a text field, which allows full control over this module's operating system. | |||||
CVE-2020-5757 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the root user by sending a crafted HTTP POST to the UCM's "New" HTTPS API. | |||||
CVE-2018-21164 | 1 Netgear | 4 R6220, R6220 Firmware, Wndr3700 and 1 more | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54. | |||||
CVE-2020-10674 | 1 Perlspeak Project | 1 Perlspeak | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of system and 2-argument open. | |||||
CVE-2020-14439 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
CVE-2020-5759 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a specially crafted "unset" command. | |||||
CVE-2020-14081 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. |