Total
3506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1000216 | 1 Ruckus | 1 Wireless H500 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Wireless H500 web management interface authenticated command injection | |||||
| CVE-2016-0325 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2015-8557 | 2 Canonical, Pygments | 2 Ubuntu Linux, Pygments | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | |||||
| CVE-2015-8151 | 1 Symantec | 1 Encryption Management Server | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
| Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. | |||||
| CVE-2015-8024 | 1 Mcafee | 1 Mcafee Enterprise Security Manager | 2024-11-21 | 9.3 HIGH | N/A |
| McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password. | |||||
| CVE-2015-7901 | 1 Infinite Automation Systems | 1 Mango Automation | 2024-11-21 | 6.5 MEDIUM | N/A |
| Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2024-11-21 | 6.5 MEDIUM | N/A |
| PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||||
| CVE-2015-7769 | 1 Basercms | 1 Basercms | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-7698 | 1 Owncloud | 2 Owncloud, Smb | 2024-11-21 | 9.0 HIGH | N/A |
| icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | |||||
| CVE-2015-7611 | 1 Apache | 1 James Server | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors. | |||||
| CVE-2015-7426 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-7310 | 1 Mcafee | 3 Enterprise Security Manager, Enterprise Security Manager\/log Manager, Enterprise Security Manager\/receiver | 2024-11-21 | 6.5 MEDIUM | N/A |
| McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which is not properly handled when downloading the file. | |||||
| CVE-2015-7253 | 1 Commvault | 1 Edge Server | 2024-11-21 | 10.0 HIGH | N/A |
| The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | |||||
| CVE-2015-6554 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 7.5 HIGH | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. | |||||
| CVE-2015-6435 | 1 Cisco | 2 Firepower Extensible Operating System, Unified Computing System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | |||||
| CVE-2015-6396 | 1 Cisco | 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. | |||||
| CVE-2015-6380 | 1 Cisco | 1 Firepower Extensible Operating System | 2024-11-21 | 6.5 MEDIUM | N/A |
| An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | |||||
| CVE-2015-6370 | 1 Cisco | 1 Firepower Extensible Operating System | 2024-11-21 | 7.2 HIGH | N/A |
| The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | |||||
| CVE-2015-6298 | 1 Cisco | 1 Web Security Appliance | 2024-11-21 | 9.0 HIGH | N/A |
| The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote authenticated users to obtain root privileges via crafted certificate-generation arguments, aka Bug ID CSCus83445. | |||||
| CVE-2015-6008 | 1 Refbase | 1 Refbase | 2024-11-21 | 7.5 HIGH | N/A |
| install.php in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381. | |||||