Vulnerabilities (CVE)

CWE filter

CWE-116

12 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12675 1 Cisco 9 Firepower Threat Defense, Firepower 4110 Firmware, Firepower 4115 Firmware and 6 more 2019-10-09 7.2
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the...
CVE-2019-12674 1 Cisco 9 Firepower Threat Defense, Firepower 4110 Firmware, Firepower 4115 Firmware and 6 more 2019-10-09 7.2
Multiple vulnerabilities in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their FTD instance and execute commands with root privileges in the...
CVE-2019-9853 1 Libreoffice 1 Libreoffice 2019-10-06 6.8
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the...
CVE-2017-8303 1 Accellion 1 File Transfer Appliance 2019-10-03 7.5
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
CVE-2017-12340 1 Cisco 1 Nx-os 2019-10-03 4.6
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an...
CVE-2017-12064 1 Open-emr 1 Openemr 2019-10-03 5.0
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.
CVE-2019-15944 2019-09-09 5.0
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.
CVE-2018-9246 2018-08-01 7.5
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(),...
CVE-2009-4267 1 Apache 1 Juddi 2018-03-18 4.0
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
CVE-2014-9938 1 Git Project 1 Git 2018-01-05 6.8
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
CVE-2016-3063 1 Netapp 1 Oncommand System Manager 2017-11-16 4.4
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
CVE-2016-2568 1 Freedesktop 1 Polkit 2017-03-09 4.4
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.