Total: 3837 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH | ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL | OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output.
CVE-2017-14867 | 2 Debian, Git-scm | 2 Debian Linux, Git | 2023-11-07 | 9.0 HIGH | 8.8 HIGH | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
CVE-2017-12636 | 1 Apache | 1 Couchdb | 2023-11-07 | 9.0 HIGH | 7.2 HIGH | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
CVE-2016-7844 | 1 Gigaccsecure | 1 Gigacc Office | 2023-11-07 | 6.0 MEDIUM | 5.5 MEDIUM | GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via a specially crafted mail template.
CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
CVE-2014-9727 | 1 Avm | 1 Fritz!box | 2023-11-07 | 10.0 HIGH | N/A | AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
CVE-2013-6041 | 1 Softaculous | 1 Webuzo | 2023-11-07 | 7.5 HIGH | N/A | index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
CVE-2023-46117 | 1 Six2dez | 1 Reconftw | 2023-10-28 | N/A | 8.8 HIGH | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on its own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-33839 | 1 Ibm | 1 Security Verify Governance | 2023-10-28 | N/A | 8.8 HIGH | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.
CVE-2023-43066 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2023-10-28 | N/A | 7.8 HIGH | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.
CVE-2023-23373 | 1 Qnap | 1 Qusbcam2 | 2023-10-26 | N/A | 8.8 HIGH | An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 (2023/06/15) and later.
CVE-2023-40145 | 1 Weintek | 14 Cmt-fhd, Cmt-fhd Firmware, Cmt-hdm and 11 more | 2023-10-26 | N/A | 8.8 HIGH | In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
CVE-2023-2564 | 1 Scanservjs Project | 1 Scanservjs | 2023-10-25 | N/A | 10.0 CRITICAL | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.
CVE-2020-2261 | 1 Jenkins | 1 Perfecto | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller.
CVE-2020-2159 | 1 Jenkins | 1 Cryptomove | 2023-10-25 | 9.0 HIGH | 8.8 HIGH | Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins.
CVE-2020-2276 | 1 Jenkins | 1 Selection Tasks | 2023-10-25 | 9.0 HIGH | 8.8 HIGH | Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.
CVE-2019-10392 | 1 Jenkins | 1 Git Client | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
CVE-2020-2200 | 1 Jenkins | 1 Play Framework | 2023-10-25 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins master.
CVE-2023-3991 | 1 Freshtomato | 1 Freshtomato | 2023-10-20 | N/A | 9.8 CRITICAL | An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.