Total
4647 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11319 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||||
| CVE-2019-11224 | 1 Harman | 2 Amx Mvp5150, Amx Mvp5150 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. | |||||
| CVE-2019-11062 | 1 Sun.net | 1 Wmpro | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication. | |||||
| CVE-2019-10958 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root. | |||||
| CVE-2019-10956 | 1 Geutebrueck | 22 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 19 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root. | |||||
| CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | |||||
| CVE-2019-10880 | 1 Xerox | 10 Colorqube 8700, Colorqube 8700 Firmware, Colorqube 8900 and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary. | |||||
| CVE-2019-10807 | 1 Blamer Project | 1 Blamer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer. | |||||
| CVE-2019-10804 | 1 Serial-number Project | 1 Serial-number | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation. | |||||
| CVE-2019-10803 | 1 Push-dir Project | 1 Push-dir | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| push-dir through 0.4.1 allows execution of arbritary commands. Arguments provided as part of the variable "opt.branch" is not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. | |||||
| CVE-2019-10802 | 1 Mangoraft | 1 Giting | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| giting version prior to 0.0.8 allows execution of arbritary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. | |||||
| CVE-2019-10801 | 1 Enpeem Project | 1 Enpeem | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. | |||||
| CVE-2019-10799 | 1 Compile-sass Project | 1 Compile-sass | 2024-11-21 | 8.5 HIGH | 8.2 HIGH |
| compile-sass prior to 1.0.5 allows execution of arbritary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. | |||||
| CVE-2019-10796 | 1 Rpi Project | 1 Rpi | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. | |||||
| CVE-2019-10791 | 1 Promise-probe Project | 1 Promise-probe | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. | |||||
| CVE-2019-10789 | 1 Curling Project | 1 Curling | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. | |||||
| CVE-2019-10788 | 1 Dnt | 1 Im-metadata | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the "exec" function. | |||||
| CVE-2019-10787 | 1 Dnt | 1 Im-resize | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. | |||||
| CVE-2019-10786 | 1 Network-manager Project | 1 Network-manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | |||||
| CVE-2019-10783 | 1 Isof Project | 1 Isof | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. | |||||