Search
Total
158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15726 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2020-05-11 | 4.6 MEDIUM | 5.3 MEDIUM |
| The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. | |||||
| CVE-2018-21152 | 1 Netgear | 14 D7800, D7800 Firmware, R7500 and 11 more | 2020-05-05 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | |||||
| CVE-2018-21154 | 1 Netgear | 10 D7800, D7800 Firmware, Dm200 and 7 more | 2020-05-05 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, and R7800 before 1.0.2.42. | |||||
| CVE-2018-21157 | 1 Netgear | 18 D7800, D7800 Firmware, R6700 and 15 more | 2020-05-05 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R7500v2 before 1.0.3.24, R7800 before 1.0.2.38, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | |||||
| CVE-2018-21225 | 1 Netgear | 28 D7000, D7000 Firmware, D7800 and 25 more | 2020-05-04 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52. | |||||
| CVE-2018-21098 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-27 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21110 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21103 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21104 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21105 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21106 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21107 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21108 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2018-21109 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | |||||
| CVE-2019-15708 | 1 Fortinet | 4 Fortiap, Fortiap-s, Fortiap-u and 1 more | 2020-03-19 | 7.2 HIGH | 6.7 MEDIUM |
| A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands. | |||||
| CVE-2020-3176 | 1 Cisco | 6 Remote Phy 120, Remote Phy 120 Firmware, Remote Phy 220 and 3 more | 2020-03-05 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in Cisco Remote PHY Device Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software does not properly sanitize user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying certain CLI commands with crafted arguments. A successful exploit could allow the attacker to run arbitrary commands as the root user, which could result in a complete system compromise. | |||||
| CVE-2020-3169 | 1 Cisco | 16 Firepower 4110, Firepower 4115, Firepower 4120 and 13 more | 2020-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-20348 | 1 Okerthai | 2 G232v1, G232v1 Firmware | 2020-01-15 | 7.2 HIGH | 6.8 MEDIUM |
| OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order to execute arbitrary commands with root privileges and conduct further attacks. | |||||
| CVE-2018-11805 | 2 Apache, Debian | 2 Spamassassin, Debian Linux | 2020-01-13 | 7.2 HIGH | 6.7 MEDIUM |
| In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. | |||||
| CVE-2019-6013 | 1 Dlink | 2 Dba-1510p, Dba-1510p Firmware | 2020-01-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI). | |||||
| CVE-2019-16242 | 1 Alcatelmobile | 2 Cingular Flip 2, Cingular Flip 2 Firmware | 2019-12-10 | 7.2 HIGH | 6.8 MEDIUM |
| On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI. | |||||
| CVE-2019-18424 | 1 Xen | 1 Xen | 2019-11-14 | 6.9 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable. | |||||
| CVE-2019-1879 | 1 Cisco | 2 Integrated Management Controller, Unified Computing System | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI of an affected device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. | |||||
| CVE-2019-1770 | 1 Cisco | 106 7000 10-slot, 7000 18-slot, 7000 4-slot and 103 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1778 | 1 Cisco | 67 N9k-c9504-fm-r, N9k-c9508-fm-r, N9k-x96136yc-r and 64 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1775 | 1 Cisco | 129 7000 10-slot, 7000 18-slot, 7000 4-slot and 126 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1774 | 1 Cisco | 129 7000 10-slot, 7000 18-slot, 7000 4-slot and 126 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1612 | 1 Cisco | 6 Nexus 3000, Nexus 3500, Nexus 3600 and 3 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. Nexus 3000 Series Switches are affected running software versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected running software versions prior to 7.0(3)I7(4). Nexus 3600 Platform Switches are affected running software versions prior to 7.0(3)F3(5). Nexus 9000 Series Switches in Stand are affected running software versions prior to 7.0(3)F3(5). | |||||
| CVE-2019-12709 | 1 Cisco | 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in a CLI command related to the virtualization manager (VMAN) in Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with root privileges. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on an affected device. An attacker who has valid administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to run arbitrary commands on the underlying operating system with root privileges, which may lead to complete system compromise. | |||||
| CVE-2019-12661 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. | |||||
| CVE-2018-0184 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCve74432. | |||||
| CVE-2018-0115 | 1 Cisco | 4 Asr 5000, Asr 5500, Asr 5700 and 1 more | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332. | |||||
| CVE-2018-0183 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuv91356. | |||||
| CVE-2018-0221 | 1 Cisco | 1 Identity Services Engine | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials for the device. The vulnerability is due to incomplete input validation of user input for certain CLI ISE configuration commands. An attacker could exploit this vulnerability by authenticating as an administrative user, issuing a specific CLI command, and entering crafted, malicious user input for the command parameters. An exploit could allow the attacker to perform command injection to the lower-level Linux operating system. It is also possible the attacker could cause the ISE user interface for this management session to hang or disconnect. Cisco Bug IDs: CSCvg95479. | |||||
| CVE-2017-6796 | 1 Cisco | 1 Ios Xe | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. | |||||
| CVE-2017-12305 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2019-10-09 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. | |||||
| CVE-2017-6602 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2019-10-03 | 3.6 LOW | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189 CSCvb86775. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1742) 92.1(1.1658) 2.1(1.38) 2.0(1.107) 2.0(1.87) 1.1(4.148) 1.1(4.138). | |||||
| CVE-2018-6791 | 2 Debian, Kde | 2 Debian Linux, Plasma-workspace | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. | |||||
| CVE-2018-3890 | 1 Yitechnology | 2 Yi Home Camera, Yi Home Camera Firmware | 2019-10-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability. | |||||
| CVE-2018-14998 | 1 Leagoo | 2 P1, P1 Firmware | 2019-10-03 | 7.2 HIGH | 6.8 MEDIUM |
| The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB. | |||||
| CVE-2019-3727 | 1 Dell | 2 Emc Recoverpoint, Recoverpoint For Virtual Machines | 2019-05-22 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an OS command injection vulnerability in the installation feature of Boxmgmt CLI. A malicious boxmgmt user may potentially be able to execute arbitrary commands as root. | |||||
| CVE-2019-1769 | 1 Cisco | 67 N9k-c9504-fm-r, N9k-c9508-fm-r, N9k-x96136yc-r and 64 more | 2019-05-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system of an attached line card with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of an attached line card with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2019-1776 | 1 Cisco | 134 7000 10-slot, 7000 18-slot, 7000 4-slot and 131 more | 2019-05-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command on the affected device. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with elevated privileges. An attacker would need valid administrator credentials to exploit this vulnerability. | |||||
| CVE-2018-0677 | 1 Panasonic | 2 Bn-sdwbp3, Bn-sdwbp3 Firmware | 2019-02-11 | 7.7 HIGH | 6.8 MEDIUM |
| BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-11077 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2018-12-31 | 7.2 HIGH | 6.7 MEDIUM |
| 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. | |||||
| CVE-2018-0643 | 2 Canonical, Orcamo | 2 Ubuntu Linux, Online Receipt Computer Advantage | 2018-11-13 | 7.4 HIGH | 6.6 MEDIUM |
| Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-0512 | 1 Iodata | 90 Bx-vp1, Bx-vp1 Firmware, Gv-ntx1 and 87 more | 2018-03-06 | 7.7 HIGH | 6.8 MEDIUM |
| Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10813 | 1 Corega | 2 Wlr 300 Nm, Wlr 300 Nm Firmware | 2017-09-20 | 7.7 HIGH | 6.8 MEDIUM |
| CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2017-08-25 | 7.7 HIGH | 6.8 MEDIUM |
| Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-7844 | 1 Gigaccsecure | 1 Gigacc Office | 2017-08-04 | 6.0 MEDIUM | 5.5 MEDIUM |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template. | |||||