Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4273 | 1 Systemtap | 1 Systemtap | 2023-02-13 | 10.0 HIGH | N/A |
| stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. | |||||
| CVE-2014-3593 | 1 Scientificlinux | 1 Luci | 2023-02-13 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||||
| CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2023-02-13 | 10.0 HIGH | N/A |
| cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
| CVE-2014-0248 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Web Framework Kit | 2023-02-13 | 6.8 MEDIUM | N/A |
| org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging. | |||||
| CVE-2014-0233 | 1 Redhat | 1 Openshift | 2023-02-13 | 6.5 MEDIUM | N/A |
| Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme. | |||||
| CVE-2014-0057 | 1 Redhat | 2 Cloudforms, Cloudforms 3.0 Management Engine | 2023-02-13 | 7.5 HIGH | N/A |
| The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. | |||||
| CVE-2013-4225 | 1 Restful Web Services Project | 1 Restful Web Services | 2023-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | |||||
| CVE-2011-4075 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2023-02-13 | 7.5 HIGH | N/A |
| The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011. | |||||
| CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2023-02-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | |||||
| CVE-2016-5402 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-02-12 | 9.0 HIGH | 8.8 HIGH |
| A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. | |||||
| CVE-2022-38193 | 1 Esri | 1 Portal For Arcgis | 2023-02-10 | N/A | 9.6 CRITICAL |
| There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | |||||
| CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2023-02-10 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2023-23619 | 1 Lfprojects | 1 Modelina | 2023-02-06 | N/A | 8.8 HIGH |
| Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer's GitHub Security Advisory (GHSA) noting "It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior." The suggested workaround from the maintainers is "Fully custom presets that change the entire rendering process which can then escape the user input." | |||||
| CVE-2018-7801 | 1 Schneider-electric | 2 Evlink Parking, Evlink Parking Firmware | 2023-02-01 | 6.8 MEDIUM | 8.8 HIGH |
| A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. | |||||
| CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2023-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | |||||
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2023-01-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | |||||
| CVE-2023-0022 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2023-01-18 | N/A | 8.8 HIGH |
| SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. | |||||
| CVE-2008-1997 | 1 Ibm | 1 Db2 | 2023-01-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. | |||||
| CVE-2023-0048 | 1 Daloradius | 1 Daloradius | 2023-01-10 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository lirantal/daloradius prior to master-branch. | |||||
| CVE-2022-47896 | 1 Jetbrains | 1 Intellij Idea | 2022-12-29 | N/A | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. | |||||