Total
4714 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11353 | 1 Engeniustech | 2 Ews660ap, Ews660ap Firmware | 2024-11-21 | N/A |
| The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. | ||||
| CVE-2019-11322 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | ||||
| CVE-2019-11319 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | ||||
| CVE-2019-11224 | 1 Harman | 2 Amx Mvp5150, Amx Mvp5150 Firmware | 2024-11-21 | N/A |
| HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | ||||
| CVE-2019-11062 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 9.8 Critical |
| The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | ||||
| CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 7.2 High |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | ||||
| CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 7.2 High |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | ||||
| CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | N/A |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | ||||
| CVE-2019-10880 | 1 Xerox | 10 Colorqube 8700, Colorqube 8700 Firmware, Colorqube 8900 and 7 more | 2024-11-21 | N/A |
| Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. | ||||
| CVE-2019-10807 | 1 Blamer Project | 1 Blamer | 2024-11-21 | 9.8 Critical |
| Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | ||||
| CVE-2019-10804 | 1 Serial-number Project | 1 Serial-number | 2024-11-21 | 9.8 Critical |
| serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. | ||||
| CVE-2019-10803 | 1 Push-dir Project | 1 Push-dir | 2024-11-21 | 9.8 Critical |
| push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | ||||
| CVE-2019-10802 | 1 Mangoraft | 1 Giting | 2024-11-21 | 9.8 Critical |
| giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | ||||
| CVE-2019-10801 | 1 Enpeem Project | 1 Enpeem | 2024-11-21 | 9.8 Critical |
| enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | ||||
| CVE-2019-10799 | 1 Compile-sass Project | 1 Compile-sass | 2024-11-21 | 8.2 High |
| compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. | ||||
| CVE-2019-10796 | 1 Rpi Project | 1 Rpi | 2024-11-21 | 9.8 Critical |
| rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. | ||||
| CVE-2019-10791 | 1 Promise-probe Project | 1 Promise-probe | 2024-11-21 | 9.8 Critical |
| promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. | ||||
| CVE-2019-10789 | 1 Curling Project | 1 Curling | 2024-11-21 | 9.8 Critical |
| All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | ||||
| CVE-2019-10788 | 1 Dnt | 1 Im-metadata | 2024-11-21 | 9.8 Critical |
| im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function. | ||||
| CVE-2019-10787 | 1 Dnt | 1 Im-resize | 2024-11-21 | 9.8 Critical |
| im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. | ||||