Total
2087 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2265 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2024-08-06 | N/A |
| The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. | ||||
| CVE-2015-2051 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-08-06 | 9.8 Critical |
| The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | ||||
| CVE-2015-1986 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-08-06 | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | ||||
| CVE-2015-2011 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-08-06 | N/A |
| The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | ||||
| CVE-2015-1938 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-08-06 | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. | ||||
| CVE-2015-1949 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-08-06 | N/A |
| The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | ||||
| CVE-2015-1877 | 2 Debian, Freedesktop | 2 Debian Linux, Xdg-utils | 2024-08-06 | 8.8 High |
| The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file. | ||||
| CVE-2015-1815 | 3 Fedoraproject, Redhat, Selinux | 3 Fedora, Enterprise Linux, Setroubleshoot | 2024-08-06 | N/A |
| The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. | ||||
| CVE-2015-1561 | 1 Centreon | 1 Centreon | 2024-08-06 | N/A |
| The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | ||||
| CVE-2015-0934 | 1 Sharelatex | 1 Sharelatex | 2024-08-06 | N/A |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | ||||
| CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2024-08-06 | N/A |
| Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | ||||
| CVE-2015-0778 | 3 Fedoraproject, Opensuse, Suse | 3 Fedora, Opensuse, Opensuse Osc | 2024-08-06 | N/A |
| osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | ||||
| CVE-2015-0538 | 1 Emc | 1 Autostart | 2024-08-06 | N/A |
| ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | ||||
| CVE-2015-0296 | 2 Fedoraproject, Tug | 2 Fedora, Texlive | 2024-08-06 | N/A |
| The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | ||||
| CVE-2015-0225 | 2 Apache, Redhat | 2 Cassandra, Jboss Operations Network | 2024-08-06 | N/A |
| The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. | ||||
| CVE-2016-1000282 | 1 Haraka Project | 1 Haraka | 2024-08-06 | N/A |
| Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | ||||
| CVE-2016-1000156 | 1 Mailcwp Project | 1 Mailcwp | 2024-08-06 | N/A |
| Mailcwp remote file upload vulnerability incomplete fix v1.100 | ||||
| CVE-2016-20017 | 1 Dlink | 2 Dsl-2750b, Dsl-2750b Firmware | 2024-08-06 | 9.8 Critical |
| D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | ||||
| CVE-2016-10843 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
| cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | ||||
| CVE-2016-10849 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
| cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | ||||