Total
4545 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7901 | 1 Infinite Automation Systems | 1 Mango Automation | 2025-04-12 | N/A |
| Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | N/A |
| Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | ||||
| CVE-2015-2955 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2025-04-12 | N/A |
| Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-2844 | 1 Goautodial | 1 Goadmin Ce | 2025-04-12 | N/A |
| The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. | ||||
| CVE-2015-4186 | 1 Cisco | 1 Virtualization Experience Client 6000 Series Firmware | 2025-04-12 | N/A |
| The diagnostics subsystem in the administrative web interface on Cisco Virtualization Experience (aka VXC) Client 6215 devices with firmware 11.2(27.4) allows local users to gain privileges for OS command execution via a crafted option value, aka Bug ID CSCug54412. | ||||
| CVE-2016-0325 | 1 Ibm | 1 Rational Team Concert | 2025-04-12 | N/A |
| IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allow remote authenticated users to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2014-2959 | 2 Dell, Quantum | 4 Powervault Ml6000, Powervault Ml6000 Firmware, Scalar I500 and 1 more | 2025-04-12 | N/A |
| logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. | ||||
| CVE-2014-1987 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2015-8557 | 2 Canonical, Pygments | 2 Ubuntu Linux, Pygments | 2025-04-12 | N/A |
| The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | ||||
| CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2025-04-12 | N/A |
| The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | ||||
| CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2025-04-12 | N/A |
| Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2014-9727 | 1 Avm | 1 Fritz\!box | 2025-04-12 | N/A |
| AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. | ||||
| CVE-2016-1468 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-04-12 | N/A |
| The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531. | ||||
| CVE-2016-1000216 | 1 Ruckus | 1 Wireless H500 | 2025-04-12 | N/A |
| Ruckus Wireless H500 web management interface authenticated command injection | ||||
| CVE-2014-3686 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | ||||
| CVE-2014-5502 | 1 Cyberoam | 1 Cyberoam Os | 2025-04-12 | N/A |
| The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | ||||
| CVE-2014-7253 | 1 Fujitsu | 4 Arrows Kiss F-03d, Arrows Tab Lte F-01d, F-12c and 1 more | 2025-04-12 | N/A |
| FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2014-6278 | 1 Gnu | 1 Bash | 2025-04-12 | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | ||||
| CVE-2014-6434 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2025-04-12 | N/A |
| gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. | ||||
| CVE-2014-7169 | 17 Apple, Arista, Canonical and 14 more | 90 Mac Os X, Eos, Ubuntu Linux and 87 more | 2025-04-12 | 9.8 Critical |
| GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | ||||