Total
1735 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0326 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Quality Manager | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request." | |||||
CVE-2016-2875 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. | |||||
CVE-2023-6572 | 1 Gradio Project | 1 Gradio | 2024-02-28 | N/A | 8.1 HIGH |
Command Injection in GitHub repository gradio-app/gradio prior to main. | |||||
CVE-2014-8990 | 3 Debian, Fedoraproject, Lsyncd Project | 3 Debian Linux, Fedora, Lsyncd | 2024-02-28 | 7.5 HIGH | N/A |
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2014-8517 | 2 Apple, Netbsd | 2 Mac Os X, Netbsd | 2024-02-28 | 7.5 HIGH | N/A |
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | |||||
CVE-2014-4336 | 1 Linuxfoundation | 1 Cups-filters | 2024-02-28 | 5.8 MEDIUM | N/A |
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
CVE-2014-6260 | 1 Zenoss | 1 Zenoss Core | 2024-02-28 | 6.8 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. | |||||
CVE-2014-7208 | 1 Gparted | 1 Gparted | 2024-02-28 | 7.2 HIGH | N/A |
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | |||||
CVE-2014-8630 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2024-02-28 | 6.5 MEDIUM | N/A |
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. | |||||
CVE-2015-1815 | 2 Fedoraproject, Selinux | 2 Fedora, Setroubleshoot | 2024-02-28 | 10.0 HIGH | N/A |
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
CVE-2013-2810 | 1 Emerson | 6 Dl 8000 Remote Terminal Unit, Dl 8000 Remote Terminal Unit Firmware, Roc 800 Remote Terminal Unit and 3 more | 2024-02-28 | 10.0 HIGH | N/A |
Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary commands via a TCP replay attack. | |||||
CVE-2014-7209 | 1 Debian | 1 Mime-support | 2024-02-28 | 7.5 HIGH | N/A |
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2024-02-28 | 6.5 MEDIUM | N/A |
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||||
CVE-2015-2208 | 1 Avinu | 1 Phpmoadmin | 2024-02-28 | 7.5 HIGH | N/A |
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||||
CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-02-28 | 7.5 HIGH | N/A |
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | |||||
CVE-2015-2846 | 1 Bittorrent | 1 Sync | 2024-02-28 | 9.3 HIGH | N/A |
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | |||||
CVE-2014-9277 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 7.5 HIGH | N/A |
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>. | |||||
CVE-2014-3524 | 2 Apache, Libreoffice | 2 Openoffice, Libreoffice | 2024-02-28 | 9.3 HIGH | N/A |
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet. | |||||
CVE-2014-9144 | 1 Technicolor | 1 Td5130 Router Firmware | 2024-02-28 | 7.5 HIGH | N/A |
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||||
CVE-2013-4663 | 1 Redmine | 1 Redmine Git Hosting Plugin | 2024-02-28 | 7.5 HIGH | N/A |
git_http_controller.rb in the redmine_git_hosting plugin for Redmine allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the service parameter to info/refs, related to the get_info_refs function or (2) the reqfile argument to the file_exists function. |