Total
4291 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8389 | 1 Airlive | 10 Bu-2015, Bu-2015 Firmware, Bu-3026 and 7 more | 2024-11-21 | N/A |
| cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | ||||
| CVE-2014-8387 | 1 Advantech | 2 Eki-6340, Eki-6340 Firmware | 2024-11-21 | N/A |
| cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | ||||
| CVE-2014-8334 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-11-21 | N/A |
| The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable. | ||||
| CVE-2014-8126 | 2 Redhat, Wisc | 2 Enterprise Mrg, Htcondor | 2024-11-21 | 8.8 High |
| The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. | ||||
| CVE-2014-7844 | 3 Bsd Mailx Project, Debian, Redhat | 9 Bsd Mailx, Debian Linux, Enterprise Linux and 6 more | 2024-11-21 | 7.8 High |
| BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address. | ||||
| CVE-2014-7269 | 1 Asus | 10 Rt-ac56s, Rt-ac56s Firmware, Rt-ac68u and 7 more | 2024-11-21 | N/A |
| ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier, RT-AC68U routers with firmware 3.0.0.4.376.3715 and earlier, RT-AC56S routers with firmware 3.0.0.4.376.3715 and earlier, RT-N66U routers with firmware 3.0.0.4.376.3715 and earlier, and RT-N56U routers with firmware 3.0.0.4.376.3715 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2014-7253 | 1 Fujitsu | 4 Arrows Kiss F-03d, Arrows Tab Lte F-01d, F-12c and 1 more | 2024-11-21 | N/A |
| FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2014-7173 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2024-11-21 | 9.8 Critical |
| FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. | ||||
| CVE-2014-6434 | 1 Gopro | 2 Gopro Hero, Gopro Hero Firmware | 2024-11-21 | N/A |
| gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action. | ||||
| CVE-2014-6278 | 1 Gnu | 1 Bash | 2024-11-21 | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277. | ||||
| CVE-2014-6277 | 1 Gnu | 1 Bash | 2024-11-21 | N/A |
| GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169. | ||||
| CVE-2014-5502 | 1 Cyberoam | 1 Cyberoam Os | 2024-11-21 | N/A |
| The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveuser_delete, or (4) ccc_flush_sql_file opcode. | ||||
| CVE-2014-4981 | 1 Xorux | 1 Lpar2rrd | 2024-11-21 | 9.8 Critical |
| LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. | ||||
| CVE-2014-4868 | 1 Brocade | 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software | 2024-11-21 | N/A |
| The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. | ||||
| CVE-2014-4823 | 1 Ibm | 5 Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance, Security Access Manager For Web 7.0 Firmware and 2 more | 2024-11-21 | N/A |
| The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors. | ||||
| CVE-2014-4326 | 1 Elastic | 1 Logstash | 2024-11-21 | N/A |
| Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | ||||
| CVE-2014-3883 | 1 Webmin | 1 Usermin | 2024-11-21 | N/A |
| Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | ||||
| CVE-2014-3686 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. | ||||
| CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-11-21 | N/A |
| cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | ||||
| CVE-2014-3418 | 1 Infoblox | 1 Netmri | 2024-11-21 | N/A |
| config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. | ||||