Total
4889 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | |||||
| CVE-2014-3911 | 1 Samsung | 1 Ipolis Device Manager | 2025-04-12 | 9.3 HIGH | N/A |
| Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | |||||
| CVE-2014-6334 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability." | |||||
| CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2025-04-12 | 10.0 HIGH | N/A |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-2089 | 1 Ilias | 1 Ilias | 2025-04-12 | 6.8 MEDIUM | N/A |
| ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |||||
| CVE-2016-7954 | 1 Bundler | 1 Bundler | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334. | |||||
| CVE-2014-3011 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors. | |||||
| CVE-2014-0248 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Web Framework Kit | 2025-04-12 | 6.8 MEDIUM | N/A |
| org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. | |||||
| CVE-2016-7110 | 1 Huawei | 1 Uma | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. | |||||
| CVE-2011-2702 | 1 Gnu | 2 Eglibc, Glibc | 2025-04-12 | 6.8 MEDIUM | N/A |
| Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function. | |||||
| CVE-2015-4338 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php. | |||||
| CVE-2013-5036 | 1 Squash | 1 Square Squash | 2025-04-12 | 7.5 HIGH | N/A |
| The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb. | |||||
| CVE-2014-2196 | 1 Cisco | 1 Wide Area Application Services | 2025-04-12 | 9.3 HIGH | N/A |
| Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. | |||||
| CVE-2014-6287 | 1 Rejetto | 1 Http File Server | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. | |||||
| CVE-2015-5242 | 1 Redhat | 1 Gluster Storage | 2025-04-12 | 6.0 MEDIUM | N/A |
| OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | |||||
| CVE-2014-3541 | 1 Moodle | 1 Moodle | 2025-04-12 | 7.5 HIGH | N/A |
| The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. | |||||
| CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
| CVE-2013-6399 | 1 Qemu | 1 Qemu | 2025-04-12 | 7.5 HIGH | N/A |
| Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | |||||
| CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 6.0 MEDIUM | N/A |
| The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | |||||
| CVE-2014-0233 | 1 Redhat | 1 Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
| Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | |||||