Total
5169 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4823 | 1 Ibm | 5 Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance, Security Access Manager For Web 7.0 Firmware and 2 more | 2025-04-12 | 10.0 HIGH | N/A |
| The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | |||||
| CVE-2014-1982 | 1 Alliedtelesis | 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
| The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html. | |||||
| CVE-2016-6459 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. | |||||
| CVE-2015-5672 | 1 Typemoon | 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. | |||||
| CVE-2016-6373 | 1 Cisco | 1 Cloud Services Platform 2100 | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
| The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. | |||||
| CVE-2016-1141 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2025-04-12 | 6.5 MEDIUM | 4.7 MEDIUM |
| KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2015-4244 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-12 | 7.2 HIGH | N/A |
| The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278. | |||||
| CVE-2015-4183 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795. | |||||
| CVE-2015-4237 | 1 Cisco | 38 Mds 9100, Mds 9140, Mds 9500 and 35 more | 2025-04-12 | 4.6 MEDIUM | N/A |
| The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. | |||||
| CVE-2014-4868 | 1 Brocade | 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software | 2025-04-12 | 9.0 HIGH | N/A |
| The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. | |||||
| CVE-2015-7426 | 1 Ibm | 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot | 2025-04-12 | 10.0 HIGH | 10.0 CRITICAL |
| The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2014-2565 | 1 Bluecoat | 2 Content Analysis System, Content Analysis System Software | 2025-04-12 | 6.5 MEDIUM | N/A |
| The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." | |||||
| CVE-2015-4224 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474. | |||||
| CVE-2015-5673 | 1 Isucon | 1 Isucon 5 Qualifier Eventapp | 2025-04-12 | 6.5 MEDIUM | N/A |
| eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command. | |||||
| CVE-2015-6370 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | 7.2 HIGH | N/A |
| The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. | |||||
| CVE-2015-7253 | 1 Commvault | 1 Edge Server | 2025-04-12 | 10.0 HIGH | N/A |
| The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie. | |||||
| CVE-2016-5679 | 2 Netgear, Nuuo | 2 Readynas Surveillance, Nvrmini 2 | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. | |||||
| CVE-2016-4965 | 1 Fortinet | 1 Fortiwan | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosis_control.php. | |||||
| CVE-2016-1000216 | 1 Ruckus | 1 Wireless H500 | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| Ruckus Wireless H500 web management interface authenticated command injection | |||||
| CVE-2016-6414 | 1 Cisco | 1 Ios | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options, aka Bug ID CSCuz59223. | |||||