Total
3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6707 | 1 Cisco | 1 Staros | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. | |||||
CVE-2017-1000219 | 1 Windows-cpu Project | 1 Windows-cpu | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user | |||||
CVE-2017-1000215 | 1 Xrootd | 1 Xrootd | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | |||||
CVE-2016-6065 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | |||||
CVE-2017-6970 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2024-02-28 | 4.6 MEDIUM | 8.4 HIGH |
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | |||||
CVE-2017-8220 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | |||||
CVE-2017-3806 | 1 Cisco | 1 Firepower Threat Defense | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101). | |||||
CVE-2017-5173 | 1 Geutebrueck | 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. | |||||
CVE-2017-6884 | 1 Zyxel | 2 Emg2926, Emg2926 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | |||||
CVE-2017-6600 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. | |||||
CVE-2017-2112 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-3796 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. | |||||
CVE-2017-6601 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647). | |||||
CVE-2017-6606 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E. | |||||
CVE-2017-7981 | 2 Enalean, Phpwiki Project | 2 Tuleap, Phpwiki | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command. | |||||
CVE-2016-5313 | 1 Symantec | 1 Web Gateway | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||||
CVE-2017-2096 | 1 Smalruby | 1 Smalruby-editor | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-6182 | 1 Sophos | 1 Web Appliance | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | |||||
CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||||
CVE-2017-7414 | 1 Horde | 1 Groupware | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. |