Total
4871 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1650 | 1 Cisco | 12 Sd-wan, Vbond Orchestrator, Vedge 100 and 9 more | 2024-11-21 | 8.8 High |
| A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the save command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the save command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. | ||||
| CVE-2019-1636 | 1 Cisco | 1 Webex Teams | 2024-11-21 | N/A |
| A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit this vulnerability by convincing a targeted user to follow a malicious link. Successful exploitation could cause the application to load libraries from the directory targeted by the URI link. The attacker could use this behavior to execute arbitrary commands on the system with the privileges of the targeted user if the attacker can place a crafted library in a directory that is accessible to the vulnerable system. | ||||
| CVE-2019-1634 | 1 Cisco | 13 Encs 5100, Encs 5400, Integrated Management Controller Supervisor and 10 more | 2024-11-21 | 7.2 High |
| A vulnerability in the Intelligent Platform Management Interface (IPMI) of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on the underlying operating system (OS). The vulnerability is due to insufficient input validation of user-supplied commands. An attacker who has administrator privileges and access to the network where the IPMI resides could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to gain root privileges on the affected device. | ||||
| CVE-2019-1623 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 6.7 Medium |
| A vulnerability in the CLI configuration shell of Cisco Meeting Server could allow an authenticated, local attacker to inject arbitrary commands as the root user. The vulnerability is due to insufficient input validation during the execution of a vulnerable CLI command. An attacker with administrator-level credentials could exploit this vulnerability by injecting crafted arguments during command execution. A successful exploit could allow the attacker to perform arbitrary code execution as root on an affected product. | ||||
| CVE-2019-1614 | 1 Cisco | 11 Mds 9000, Nexus 2000, Nexus 3000 and 8 more | 2024-11-21 | 8.8 High |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to incorrect input validation of user-supplied data by the NX-API subsystem. An attacker could exploit this vulnerability by sending malicious HTTP or HTTPS packets to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to perform a command-injection attack and execute arbitrary commands with root privileges. Note: NX-API is disabled by default. MDS 9000 Series Multilayer Switches are affected running software versions prior to 8.1(1b) and 8.2(3). Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected running software versions prior to 7.3(4)N1(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 7000 and 7700 Series Switches are affected running software versions prior to 7.3(3)D1(1) and 8.2(3). | ||||
| CVE-2019-1591 | 1 Cisco | 2 Nexus 9000, Nx-os | 2024-11-21 | 7.8 High |
| A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a specific CLI command with parameters on an affected device. An attacker could exploit this vulnerability by authenticating to the device CLI and issuing certain commands. A successful exploit could allow the attacker to escape the restricted shell and execute arbitrary commands with root-level privileges on the affected device. This vulnerability only affects Cisco Nexus 9000 Series ACI Mode Switches that are running a release prior to 14.0(3d). | ||||
| CVE-2019-1581 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4. | ||||
| CVE-2019-1576 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions. | ||||
| CVE-2019-19994 | 1 Seling | 1 Visual Access Manager | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php. | ||||
| CVE-2019-19940 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2024-11-21 | 7.2 High |
| Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection. | ||||
| CVE-2019-19920 | 3 Canonical, Debian, Sa-exim Project | 3 Ubuntu Linux, Debian Linux, Sa-exim | 2024-11-21 | 8.8 High |
| sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805. | ||||
| CVE-2019-19897 | 1 Ixpdata | 1 Easyinstall | 2024-11-21 | 9.8 Critical |
| In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\SYSTEM context of the target system by using the Execute Command Line function. | ||||
| CVE-2019-19842 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 9.8 Critical |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute. | ||||
| CVE-2019-19841 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 9.8 Critical |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute. | ||||
| CVE-2019-19839 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 9.8 Critical |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute. | ||||
| CVE-2019-19838 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 9.8 Critical |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | ||||
| CVE-2019-19824 | 1 Totolink | 16 A3002ru, A3002ru Firmware, A702r and 13 more | 2024-11-21 | 8.8 High |
| On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2. | ||||
| CVE-2019-19642 | 1 Supermicro | 3 X8sti-f, X8sti-f Bios, X8sti-f Firmware | 2024-11-21 | 8.8 High |
| On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. | ||||
| CVE-2019-19609 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.2 High |
| The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function. | ||||
| CVE-2019-19606 | 1 X-plane | 1 X-plane | 2024-11-21 | 9.8 Critical |
| X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system. | ||||