Total: 3568 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1602 | 1 Suse | 3 Linux Enterprise Desktop, Linux Enterprise Server, Suse Linux Enterprise Server | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | |||||
CVE-2016-4895 | 1 Setucocms Project | 1 Setucocms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. | |||||
CVE-2017-6455 | 1 Ntp | 1 Ntp | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | |||||
CVE-2016-7787 | 2 Kde, Opensuse | 3 Kde-cli-tools, Leap, Opensuse | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | |||||
CVE-2017-7694 | 1 Getsymphony | 1 Symphony | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor. | |||||
CVE-2017-2968 | 1 Adobe | 1 Campaign | 2024-02-04 | 7.5 HIGH | 9.1 CRITICAL |
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | |||||
CVE-2017-4964 | 1 Cloudfoundry | 1 Bosh Azure Cpi | 2024-02-04 | 4.6 MEDIUM | 8.8 HIGH |
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | |||||
CVE-2016-7102 | 1 Owncloud | 1 Owncloud Desktop Client | 2024-02-04 | 4.6 MEDIUM | 8.4 HIGH |
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | |||||
CVE-2016-5726 | 1 Simplemachines | 1 Simple Machines Forum | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | |||||
CVE-2017-5543 | 1 Intelliants | 1 Subrion | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | |||||
CVE-2016-2242 | 1 Exponentcms | 1 Exponent Cms | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | |||||
CVE-2016-7967 | 1 Kde | 1 Kmail | 2024-02-04 | 5.8 MEDIUM | 8.1 HIGH |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | |||||
CVE-2016-10157 | 1 Akamai | 1 Netsession | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | |||||
CVE-2016-5424 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-02-04 | 4.6 MEDIUM | 7.1 HIGH |
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. | |||||
CVE-2017-7402 | 1 Lucidcrew | 1 Pixie | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | |||||
CVE-2017-7625 | 1 Fiyo | 1 Fiyo Cms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | |||||
CVE-2016-8354 | 1 Schneider-electric | 1 Unity Pro | 2024-02-04 | 5.1 MEDIUM | 7.0 HIGH |
An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions. | |||||
CVE-2016-6175 | 1 Php-gettext Project | 1 Php-gettext | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | |||||
CVE-2014-3582 | 1 Apache | 1 Ambari | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2024-02-04 | 6.0 MEDIUM | 8.0 HIGH |
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. |