Vulnerabilities (CVE)

CWE filter

CWE-77

Filter

514 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-7669 1 Primasystems 1 Flexair 2019-10-10 10.0
Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation of file extensions when uploading files could allow a remote authenticated attacker to upload and execute malicious applications within the application?s web root with root privileges.
CVE-2019-1576 1 Paloaltonetworks 1 Pan-os 2019-10-10 6.5
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user?s permissions.
CVE-2019-6552 1 Advantech 1 Webaccess 2019-10-09 N/A
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
CVE-2019-6169 2019-10-09 5.0
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
CVE-2019-6168 2019-10-09 7.5
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVE-2019-6167 2019-10-09 7.5
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVE-2019-5446 2019-10-09 9.0
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to execute commands as root.
CVE-2019-5445 2019-10-09 4.0
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash the SSH CLI interface by using crafted commands.
CVE-2019-5424 1 Ui 1 Edgeswitch X 2019-10-09 9.0
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.
CVE-2019-5413 1 Morgan Project 1 Morgan 2019-10-09 7.5
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
CVE-2019-4294 1 Ibm 2 Datapower Gateway, Mq Appliance 2019-10-09 7.2
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the...
CVE-2019-4202 1 Ibm 1 Api Connect 2019-10-09 10.0
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123.
CVE-2019-4071 1 Ibm 1 Spectrum Control 2019-10-09 9.3
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.
CVE-2019-3926 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 10.0
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system...
CVE-2019-3925 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 10.0
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system...
CVE-2019-3920 1 Nokia 1 I-240w-q Gpon Ont Firmware 2019-10-09 6.5
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/device_Form?script/.
CVE-2019-3919 1 Nokia 1 I-240w-q Gpon Ont Firmware 2019-10-09 6.5
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to /GponForm/usb_restore_Form?script/.
CVE-2019-3831 2 Ovirt, Redhat 2 Vdsm, Gluster Storage 2019-10-09 9.0
A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
CVE-2019-3631 1 Mcafee 1 Enterprise Security Manager 2019-10-09 6.5
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.
CVE-2019-3630 1 Mcafee 1 Enterprise Security Manager 2019-10-09 6.5
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters.