Total
2569 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0225 | 1 Apache | 1 Cassandra | 2025-04-12 | 7.5 HIGH | N/A |
| The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | |||||
| CVE-2016-7399 | 1 Veritas | 2 Netbackup Appliance, Netbackup Appliance Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | |||||
| CVE-2013-7416 | 1 Canto | 1 Canto Curses | 2025-04-12 | 7.5 HIGH | N/A |
| canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. | |||||
| CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2025-04-12 | 6.5 MEDIUM | N/A |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
| CVE-2016-10107 | 1 Western Digital | 1 Mycloud Nas | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | |||||
| CVE-2014-7208 | 1 Gparted | 1 Gparted | 2025-04-12 | 7.2 HIGH | N/A |
| GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | |||||
| CVE-2015-8969 | 1 Squareup | 1 Git-fastclone | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library. | |||||
| CVE-2014-3556 | 1 F5 | 1 Nginx | 2025-04-12 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
| CVE-2016-2396 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | 9.0 HIGH | 9.9 CRITICAL |
| The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. | |||||
| CVE-2015-3441 | 1 Genexia | 1 Drgos | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter. | |||||
| CVE-2015-5082 | 1 Endian Firewall | 1 Endian Firewall | 2025-04-12 | 10.0 HIGH | N/A |
| Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | |||||
| CVE-2015-3678 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands. | |||||
| CVE-2016-1388 | 1 Cisco | 3 Network Analysis Module, Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21882. | |||||
| CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2025-04-12 | 9.3 HIGH | N/A |
| BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | |||||
| CVE-2015-5349 | 1 Apache | 2 Directory Studio, Ldap Studio | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet. | |||||
| CVE-2014-9622 | 1 Gentoo | 1 Xdg-utils | 2025-04-12 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | |||||
| CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | 5.8 MEDIUM | N/A |
| The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
| CVE-2015-6613 | 1 Google | 1 Android | 2025-04-12 | 5.1 MEDIUM | N/A |
| Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. | |||||
| CVE-2015-5190 | 1 Pacemaker\/corosync Configuration System Project | 1 Pacemaker\/corosync Configuration System | 2025-04-12 | 8.5 HIGH | N/A |
| The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |||||
| CVE-2016-2875 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. | |||||