Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7804 | 2 Handysoft, Microsoft | 4 Groupware, Windows 10, Windows 7 and 1 more | 2020-05-07 | 6.5 MEDIUM | 7.2 HIGH |
| ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. | |||||
| CVE-2017-18858 | 1 Netgear | 20 M4200-10mg-poe\+, M4200-10mg-poe\+ Firmware, M4300-12x12f and 17 more | 2020-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. | |||||
| CVE-2020-11016 | 1 Intelmq Manager Project | 1 Intelmq Manager | 2020-05-06 | 6.5 MEDIUM | 8.8 HIGH |
| IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability. | |||||
| CVE-2016-11061 | 1 Xerox | 50 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 47 more | 2020-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. | |||||
| CVE-2019-19217 | 1 Bmcsoftware | 1 Control-m\/agent | 2020-05-05 | 8.5 HIGH | 8.8 HIGH |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. | |||||
| CVE-2020-11941 | 1 Opmantek | 1 Open-audit | 2020-05-05 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery. | |||||
| CVE-2018-21152 | 1 Netgear | 14 D7800, D7800 Firmware, R7500 and 11 more | 2020-05-05 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | |||||
| CVE-2018-21154 | 1 Netgear | 10 D7800, D7800 Firmware, Dm200 and 7 more | 2020-05-05 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42. | |||||
| CVE-2018-21157 | 1 Netgear | 18 D7800, D7800 Firmware, R6700 and 15 more | 2020-05-05 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | |||||
| CVE-2019-19220 | 1 Bmcsoftware | 1 Control-m\/agent | 2020-05-04 | 8.5 HIGH | 8.8 HIGH |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). | |||||
| CVE-2016-11054 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2020-05-04 | 9.0 HIGH | 7.2 HIGH |
| NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. | |||||
| CVE-2018-21225 | 1 Netgear | 28 D7000, D7000 Firmware, D7800 and 25 more | 2020-05-04 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52. | |||||
| CVE-2018-21162 | 1 Netgear | 32 D6400, D6400 Firmware, Ex6200 and 29 more | 2020-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48. | |||||
| CVE-2018-21164 | 1 Netgear | 4 R6220, R6220 Firmware, Wndr3700 and 1 more | 2020-05-01 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54. | |||||
| CVE-2020-5868 | 1 F5 | 1 Big-iq Centralized Management | 2020-05-01 | 10.0 HIGH | 9.8 CRITICAL |
| In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | |||||
| CVE-2020-7350 | 1 Rapid7 | 1 Metasploit | 2020-04-30 | 6.8 MEDIUM | 7.8 HIGH |
| Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command. | |||||
| CVE-2018-21127 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-27 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2018-21130 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-27 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2018-21126 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-27 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2018-21099 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-27 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||