Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14998 | 1 Leagoo | 2 P1, P1 Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB. | |||||
| CVE-2018-13797 | 1 Node-macaddress Project | 1 Node-macaddress | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. | |||||
| CVE-2018-11163 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46). | |||||
| CVE-2018-11189 | 1 Quest | 1 Disk Backup | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6). | |||||
| CVE-2018-11159 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 17 of 46). | |||||
| CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | |||||
| CVE-2018-13330 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 9.0 HIGH | 7.2 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands during group creation via the "groupname" parameter. | |||||
| CVE-2018-11157 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 15 of 46). | |||||
| CVE-2018-11177 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46). | |||||
| CVE-2018-11143 | 1 Quest | 1 Disk Backup | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | |||||
| CVE-2018-13354 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| System command injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "Event" parameter. | |||||
| CVE-2018-11168 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 26 of 46). | |||||
| CVE-2018-9075 | 1 Lenovo | 22 Iomega Ez Media \& Backup Center, Iomega Storcenter Ix2, Iomega Storcenter Ix2-dl and 19 more | 2019-10-03 | 9.3 HIGH | 8.1 HIGH |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. | |||||
| CVE-2018-15710 | 1 Nagios | 1 Nagios Xi | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | |||||
| CVE-2018-12313 | 1 Asustor | 2 As602t, Data Master | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands without authentication via the "rocommunity" URL parameter. | |||||
| CVE-2018-16144 | 1 Opsview | 1 Opsview | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter. | |||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | |||||
| CVE-2018-11178 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 36 of 46). | |||||
| CVE-2018-11184 | 1 Quest | 1 Disk Backup | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 42 of 46). | |||||
| CVE-2018-13358 | 1 Terra-master | 1 Terramaster Operating System | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the "checkName" parameter. | |||||