ReportizFlow
Filtered by vendor
Subscriptions
Total
2658 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11279 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | 8.8 High |
| CF UAA versions prior to 74.1.0 can request scopes for a client that shouldn't be allowed by submitting an array of requested scopes. A remote malicious user can escalate their own privileges to any scope, allowing them to take control of UAA and the resources it controls. | ||||
| CVE-2019-11278 | 1 Cloudfoundry | 1 User Account And Authentication | 2024-11-21 | 8.8 High |
| CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of UAA scopes they should not have. | ||||
| CVE-2019-11217 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-11-21 | N/A |
| The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted http request. | ||||
| CVE-2019-11076 | 1 Cribl | 1 Cribl | 2024-11-21 | N/A |
| Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. | ||||
| CVE-2019-10854 | 1 Computrols | 1 Computrols Building Automation Software | 2024-11-21 | N/A |
| Computrols CBAS 18.0.0 allows Authenticated Command Injection. | ||||
| CVE-2019-10640 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption. | ||||
| CVE-2019-10095 | 1 Apache | 1 Zeppelin | 2024-11-21 | 9.8 Critical |
| bash command injection vulnerability in Apache Zeppelin allows an attacker to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | ||||
| CVE-2019-1010174 | 2 Cimg, Debian | 2 Cimg Library, Debian Linux | 2024-11-21 | 9.8 Critical |
| CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. | ||||
| CVE-2019-0542 | 2 Redhat, Xtermjs | 3 Openshift, Openshift Container Platform, Xterm.js | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | ||||
| CVE-2018-8306 | 1 Microsoft | 2 Wireless Display Adapter, Wireless Display Adapter Firmware | 2024-11-21 | N/A |
| A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software. | ||||
| CVE-2018-7826 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | N/A |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen Pelco Sarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | ||||
| CVE-2018-7825 | 1 Schneider-electric | 118 D6220, D6220 Firmware, D6220l and 115 more | 2024-11-21 | N/A |
| A Command Injection vulnerability exists in the web-based GUI of the 1st Gen PelcoSarix Enhanced Camera that could allow a remote attacker to execute arbitrary commands. | ||||
| CVE-2018-7785 | 1 Schneider-electric | 1 U.motion Builder | 2024-11-21 | N/A |
| In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. | ||||
| CVE-2018-5764 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Rsync | 2024-11-21 | 7.5 High |
| The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | ||||
| CVE-2018-5439 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | N/A |
| A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. | ||||
| CVE-2018-5428 | 1 Tibco | 1 Data Virtualization | 2024-11-21 | N/A |
| The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. | ||||
| CVE-2018-5412 | 1 Imperva | 1 Securesphere | 2024-11-21 | N/A |
| Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode. | ||||
| CVE-2018-5403 | 1 Imperva | 1 Securesphere | 2024-11-21 | N/A |
| Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the web access management interface. | ||||
| CVE-2018-5172 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-3963 | 1 Getcujo | 1 Smart Firewall | 2024-11-21 | 8.0 High |
| An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. | ||||