Total
3851 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16667 | 1 Backintime Project | 1 Backintime | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. | |||||
| CVE-2017-16666 | 1 Xplico | 1 Xplico | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature. | |||||
| CVE-2017-16641 | 1 Cacti | 1 Cacti | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | |||||
| CVE-2017-16042 | 1 Growl Project | 1 Growl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. | |||||
| CVE-2017-15924 | 2 Debian, Shadowsocks | 2 Debian Linux, Shadowsocks-libev | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | |||||
| CVE-2017-15226 | 1 Zyxel | 2 Nbg6716, Nbg6716 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | |||||
| CVE-2017-15108 | 2 Debian, Spice-space | 2 Debian Linux, Spice-vdagent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | |||||
| CVE-2017-15103 | 2 Heketi Project, Redhat | 2 Heketi, Enterprise Linux | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | |||||
| CVE-2017-15049 | 1 Zoom | 1 Zoom | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | |||||
| CVE-2017-14867 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | |||||
| CVE-2017-14705 | 1 Denyall | 2 I-suite, Web Application Firewall | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||
| CVE-2017-14535 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | |||||
| CVE-2017-14500 | 1 Newsbeuter | 1 Newsbeuter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. | |||||
| CVE-2017-14481 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-14480 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-14479 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-14478 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-14477 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-14476 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||
| CVE-2017-14475 | 1 Mysql-mmm | 1 Mysql Multi-master Replication Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\_agentd process. An attacker that can initiate a TCP session with mmm\_agentd can trigger this vulnerability. | |||||