Total: 1690 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5349 | 1 Apache | 2 Directory Studio, Ldap Studio | 2023-11-07 | 9.3 HIGH | 7.8 HIGH |
| The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet. | |||||
| CVE-2015-20107 | 3 Fedoraproject, Netapp, Python | 5 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 2 more | 2023-11-07 | 8.0 HIGH | 7.6 HIGH |
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9. | |||||
| CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2023-11-07 | 7.5 HIGH | N/A |
| osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||||
| CVE-2015-0225 | 1 Apache | 1 Cassandra | 2023-11-07 | 7.5 HIGH | N/A |
| The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | |||||
| CVE-2014-9114 | 3 Fedoraproject, Kernel, Opensuse | 3 Fedora, Util-linux, Opensuse | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | |||||
| CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | |||||
| CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | |||||
| CVE-2011-4182 | 1 Opensuse | 1 Sysconfig | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. | |||||
| CVE-2010-0136 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2023-11-07 | 9.3 HIGH | N/A |
| OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. | |||||
| CVE-2023-43322 | 1 Zpesystems | 1 Nodegrid Os | 2023-11-04 | N/A | 8.8 HIGH |
| ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | |||||
| CVE-2023-31429 | 1 Broadcom | 1 Fabric Operating System | 2023-11-02 | N/A | 5.5 MEDIUM |
| Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands, such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable, that can cause the content of shell interpreted variables to be printed in the terminal. | |||||
| CVE-2023-46370 | 1 Tenda | 2 W18e, W18e Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | |||||
| CVE-2023-46424 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | |||||
| CVE-2023-46423 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | |||||
| CVE-2023-46422 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. | |||||
| CVE-2023-46421 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | |||||
| CVE-2023-46420 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | |||||
| CVE-2023-46419 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | |||||
| CVE-2023-46418 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | |||||
| CVE-2023-46417 | 1 Totolink | 2 X6000r, X6000r Firmware | 2023-11-01 | N/A | 9.8 CRITICAL |
| TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | |||||
