Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17105 | 1 Zivif | 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware | 2020-06-16 | 10.0 HIGH | 9.8 CRITICAL |
| Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. | |||||
| CVE-2020-2029 | 1 Paloaltonetworks | 1 Pan-os | 2020-06-16 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. | |||||
| CVE-2020-2028 | 1 Paloaltonetworks | 1 Pan-os | 2020-06-16 | 9.0 HIGH | 7.2 HIGH |
| An OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7. | |||||
| CVE-2020-3224 | 1 Cisco | 1 Ios Xe | 2020-06-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to inject IOS commands to an affected device. The injected commands should require a higher privilege level in order to be executed. The vulnerability is due to insufficient input validation of specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific web UI endpoint on an affected device. A successful exploit could allow the attacker to inject IOS commands to the affected device, which could allow the attacker to alter the configuration of the device or cause a denial of service (DoS) condition. | |||||
| CVE-2020-3210 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2020-06-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server (VDS) of an affected device. The attacker must have valid user credentials at privilege level 15. The vulnerability is due to insufficient validation of arguments that are passed to specific VDS-related CLI commands. An attacker could exploit this vulnerability by authenticating to the targeted device and including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands in the context of the Linux shell of VDS with the privileges of the root user. | |||||
| CVE-2020-3212 | 1 Cisco | 1 Ios Xe | 2020-06-10 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker could exploit this vulnerability by uploading a crafted file to the web UI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands with root privileges on the device. | |||||
| CVE-2020-3211 | 1 Cisco | 1 Ios Xe | 2020-06-10 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to improper input sanitization. An attacker who has valid administrative access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the web UI and then submitting that form. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device, which could lead to complete system compromise. | |||||
| CVE-2020-3207 | 1 Cisco | 56 Catalyst 3650-12x48uq, Catalyst 3650-12x48ur, Catalyst 3650-12x48uz and 53 more | 2020-06-05 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges. | |||||
| CVE-2020-4180 | 1 Ibm | 1 Security Guardium | 2020-06-03 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 174735. | |||||
| CVE-2014-8945 | 1 Piwigo | 1 Lexiglot | 2020-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields. | |||||
| CVE-2020-11950 | 1 Vivotek | 400 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 397 more | 2020-06-02 | 9.0 HIGH | 8.8 HIGH |
| VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. | |||||
| CVE-2020-13694 | 1 Quickbox | 1 Quickbox | 2020-06-02 | 9.0 HIGH | 8.8 HIGH |
| In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. | |||||
| CVE-2014-7173 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2020-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | |||||
| CVE-2020-8171 | 1 Ui | 51 Ag-hp-2g16, Ag-hp-2g20, Ag-hp-5g23 and 48 more | 2020-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page. | |||||
| CVE-2020-13252 | 1 Centreon | 1 Centreon | 2020-05-21 | 9.0 HIGH | 8.8 HIGH |
| Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | |||||
| CVE-2020-2007 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-19 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2014 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-14 | 9.0 HIGH | 8.8 HIGH |
| An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2010 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-14 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | |||||
| CVE-2020-2008 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-14 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. | |||||
| CVE-2020-7805 | 1 Infomark | 4 Iml500, Iml500 Firmware, Iml520 and 1 more | 2020-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411) wifi device. This issue is a command injection allowing attackers to execute arbitrary OS commands. | |||||