Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9118 | 1 Dasanzhone | 2 Znid 2426a, Znid 2426a Firmware | 2024-08-06 | N/A |
| The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | ||||
| CVE-2014-8990 | 3 Debian, Fedoraproject, Lsyncd Project | 3 Debian Linux, Fedora, Lsyncd | 2024-08-06 | N/A |
| default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename. | ||||
| CVE-2014-8903 | 1 Ibm | 1 Curam Social Program Management | 2024-08-06 | N/A |
| IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors. | ||||
| CVE-2014-8888 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-08-06 | N/A |
| The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | ||||
| CVE-2014-8630 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2024-08-06 | N/A |
| Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name. | ||||
| CVE-2014-8517 | 2 Apple, Netbsd | 2 Mac Os X, Netbsd | 2024-08-06 | N/A |
| The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. | ||||
| CVE-2014-8515 | 1 Bittorrent | 1 Bittorrent | 2024-08-06 | N/A |
| The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000. | ||||
| CVE-2024-7177 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-08-06 | 8.8 High |
| A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7174 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-08-06 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272595. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2014-8170 | 2 Ovirt, Redhat | 2 Ovirt-node, Enterprise Virtualization | 2024-08-06 | N/A |
| ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | ||||
| CVE-2014-7285 | 1 Symantec | 1 Web Gateway | 2024-08-06 | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. | ||||
| CVE-2014-7208 | 1 Gparted | 1 Gparted | 2024-08-06 | N/A |
| GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label. | ||||
| CVE-2014-7209 | 1 Debian | 1 Mime-support | 2024-08-06 | N/A |
| run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. | ||||
| CVE-2014-6633 | 1 Tryton | 1 Tryton | 2024-08-06 | N/A |
| The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. | ||||
| CVE-2014-6260 | 1 Zenoss | 1 Zenoss Core | 2024-08-06 | N/A |
| Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412. | ||||
| CVE-2014-6120 | 1 Ibm | 2 Rational Appscan Source, Security Appscan Source | 2024-08-06 | N/A |
| IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. | ||||
| CVE-2014-5470 | 2024-08-06 | 9.8 Critical | ||
| Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. | ||||
| CVE-2014-5220 | 2 Mdadm Project, Opensuse | 2 Mdadm, Opensuse | 2024-08-06 | N/A |
| The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | ||||
| CVE-2014-5009 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2024-08-06 | N/A |
| Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | ||||
| CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2024-08-06 | 9.8 Critical |
| LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | ||||