Total
3430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2152 | 1 Buffalo Inc | 2 Wnc01wh, Wnc01wh Firmware | 2024-02-04 | 5.2 MEDIUM | 6.8 MEDIUM |
| WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-6601 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
| A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647). | |||||
| CVE-2017-2096 | 1 Smalruby | 1 Smalruby-editor | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-8051 | 1 Tenable | 1 Appliance | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands. | |||||
| CVE-2017-7981 | 2 Enalean, Phpwiki Project | 2 Tuleap, Phpwiki | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax="c;id"' line to execute the id command. | |||||
| CVE-2017-2128 | 1 Information-technology Promotion Agency | 1 Introduction To Safe Website Operation | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | |||||
| CVE-2017-6359 | 1 Qnap | 1 Qts | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. | |||||
| CVE-2017-6600 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136. | |||||
| CVE-2017-8768 | 1 Atlassian | 1 Sourcetree | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | |||||
| CVE-2017-2141 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-9091 | 1 Bluecoat | 2 Advanced Secure Gateway, Content Analysis System Software | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. | |||||
| CVE-2016-2876 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-04 | 8.5 HIGH | 7.5 HIGH |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | |||||
| CVE-2017-6182 | 1 Sophos | 1 Web Appliance | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | |||||
| CVE-2017-6970 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2024-02-04 | 4.6 MEDIUM | 8.4 HIGH |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | |||||
| CVE-2017-6597 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115). | |||||
| CVE-2017-3796 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6. | |||||
| CVE-2016-10320 | 1 Textract Project | 1 Textract | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files. | |||||
| CVE-2016-6065 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. | |||||
| CVE-2017-7690 | 1 Proxifier | 1 Proxifier | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | |||||
| CVE-2016-6631 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-04 | 8.5 HIGH | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||