Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8303 | 1 Accellion | 1 File Transfer Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | |||||
| CVE-2017-12340 | 1 Cisco | 1 Nx-os | 2019-10-02 | 4.6 MEDIUM | 4.2 MEDIUM |
| A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513. | |||||
| CVE-2017-12064 | 1 Open-emr | 1 Openemr | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name. | |||||
| CVE-2019-15944 | 1 Valvesoftware | 1 Counter-strike\ | 2019-09-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. | |||||
| CVE-2018-9246 | 2 Ledgersmb, Pgobject-util-dbadmin Project | 2 Ledgersmb, Pgobject-util-dbadmin | 2018-08-01 | 7.5 HIGH | 9.8 CRITICAL |
| The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. | |||||
| CVE-2009-4267 | 1 Apache | 1 Juddi | 2018-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | |||||
| CVE-2016-3063 | 1 Netapp | 1 Oncommand System Manager | 2017-11-15 | 4.4 MEDIUM | 7.5 HIGH |
| Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | |||||