Total: 3851 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000393 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
In Jenkins 2.73.1 and earlier, 2.83 and earlier, users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission, typically only granted to administrators. | |||||
CVE-2017-1000235 | 1 I-librarian | 1 I Librarian | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php, resulting in the web server being fully compromised. | |||||
CVE-2017-1000220 | 1 Pidusage Project | 1 Pidusage | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module, resulting in arbitrary command execution. | |||||
CVE-2017-1000219 | 1 Windows-cpu Project | 1 Windows-cpu | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
npm/KyleRoss windows-cpu: all versions are vulnerable to command injection, resulting in code execution as the Node.js user. | |||||
CVE-2017-1000215 | 1 Xrootd | 1 Xrootd | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | |||||
CVE-2017-1000214 | 1 Gitphp Project | 1 Gitphp | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
GitPHP by xiphux is vulnerable to OS Command Injections | |||||
CVE-2017-1000203 | 1 Cern | 1 Root | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution | |||||
CVE-2017-1000159 | 1 Gnome | 1 Evince | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91. | |||||
CVE-2017-1000116 | 3 Debian, Mercurial, Redhat | 8 Debian Linux, Mercurial, Enterprise Linux Desktop and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | |||||
CVE-2017-1000009 | 1 Akeneo | 1 Product Information Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. | |||||
CVE-2016-9091 | 1 Bluecoat | 2 Advanced Secure Gateway, Content Analysis System Software | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. | |||||
CVE-2016-8721 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely. | |||||
CVE-2016-7844 | 1 Gigaccsecure | 1 Gigacc Office | 2024-11-21 | 6.0 MEDIUM | 5.5 MEDIUM |
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via a specially crafted mail template. | |||||
CVE-2016-7819 | 1 Iodata | 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allow an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2016-7806 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2016-6631 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2016-6459 | 1 Cisco | 1 Telepresence Tc Software | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. | |||||
CVE-2016-6414 | 1 Cisco | 1 Ios | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | |||||
CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
CVE-2016-6147 | 1 Sap | 1 Trex | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226. | |||||