Total
1755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1980 | 1 Paloaltonetworks | 1 Pan-os | 2020-03-13 | 7.2 HIGH | 7.8 HIGH |
| A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. This issue is fixed in PAN-OS 8.1.13, and all later versions. | |||||
| CVE-2020-3176 | 1 Cisco | 6 Remote Phy 120, Remote Phy 120 Firmware, Remote Phy 220 and 3 more | 2020-03-05 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. | |||||
| CVE-2019-15609 | 1 Kill-port-process Project | 1 Kill-port-process | 2020-03-02 | 10.0 HIGH | 9.8 CRITICAL |
| The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. | |||||
| CVE-2015-8971 | 2 Debian, Enlightenment | 2 Debian Linux, Terminology | 2020-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | |||||
| CVE-2017-15940 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 9.8 CRITICAL |
| The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2019-5390 | 1 Hp | 1 Intelligent Management Center | 2020-01-04 | 10.0 HIGH | 9.8 CRITICAL |
| A remote command injection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2014-1203 | 1 Eyou | 1 Eyou | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. | |||||
| CVE-2019-15588 | 1 Sonatype | 1 Nexus Repository Manager | 2019-11-06 | 9.0 HIGH | 7.2 HIGH |
| There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability. | |||||
| CVE-2019-5414 | 1 Kill-port Project | 1 Kill-port | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2. | |||||
| CVE-2019-1624 | 1 Cisco | 1 Sd-wan | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the vManage Web UI. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
| CVE-2019-1612 | 1 Cisco | 6 Nexus 3000, Nexus 3500, Nexus 3600 and 3 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5). | |||||
| CVE-2019-12661 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. | |||||
| CVE-2019-12651 | 1 Cisco | 5 Cloud Services Router 1000v, Cloud Services Router 1000v Firmware, Integrated Services Virtual Router and 2 more | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-12591 | 1 Netgear | 1 Insight | 2019-10-09 | 6.5 MEDIUM | 7.6 HIGH |
| NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | |||||
| CVE-2018-9866 | 1 Sonicwall | 1 Global Management System | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. | |||||
| CVE-2018-5439 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. | |||||
| CVE-2018-5428 | 1 Tibco | 1 Data Virtualization | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. | |||||
| CVE-2018-5412 | 1 Imperva | 1 Securesphere | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | |||||
| CVE-2018-5403 | 1 Imperva | 1 Securesphere | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. | |||||
| CVE-2018-3779 | 1 Activesupport Project | 1 Activesupport | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. | |||||