Filtered by CWE-78
Total 4410 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-21101 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 8.0 High
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21100 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 8.0 High
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21099 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 8.0 High
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-21098 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 6.8 Medium
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVE-2018-20969 2 Gnu, Redhat 6 Patch, Enterprise Linux, Rhel Aus and 3 more 2024-11-21 N/A
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
CVE-2018-20841 1 Hootoo 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware 2024-11-21 N/A
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.
CVE-2018-20727 1 Nedi 1 Nedi 2024-11-21 N/A
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php.
CVE-2018-20434 1 Librenms 1 Librenms 2024-11-21 N/A
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVE-2018-20334 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 9.8 Critical
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get a shell.
CVE-2018-20323 1 Mailcleaner 1 Mailcleaner 2024-11-21 N/A
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.
CVE-2018-20218 1 Teracue 6 Enc-400 Hdmi, Enc-400 Hdmi2, Enc-400 Hdmi2 Firmware and 3 more 2024-11-21 N/A
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in the /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
CVE-2018-20122 1 Fastweb 2 Fastgate, Fastgate Firmware 2024-11-21 N/A
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary with a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.
CVE-2018-20114 1 Dlink 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more 2024-11-21 9.8 Critical
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.
CVE-2018-20106 1 Opensuse 1 Yast2-printer 2024-11-21 N/A
In yast2-printer up to and including version 4.0.2, the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied, this allows for executing code as root. This requires tricking root into entering such a password in yast.
CVE-2018-20057 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2024-11-21 N/A
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
CVE-2018-1998 1 Ibm 1 Websphere Mq 2024-11-21 N/A
IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.
CVE-2018-1242 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2024-11-21 N/A
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files that require root permission cannot be read.
CVE-2018-1239 1 Dell 2 Emc Unity Operating Environment, Emc Unityvsa Operating Environment 2024-11-21 N/A
Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed.
CVE-2018-1238 1 Dell 1 Emc Scaleio 2024-11-21 N/A
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.
CVE-2018-1235 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2024-11-21 N/A
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3 contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with root privilege.