Vulnerabilities (CVE)

CWE filter: CWE-116

7 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15944 2019-09-09 5.0
In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.
CVE-2018-9246 2018-08-01 7.5
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(),...
CVE-2009-4267 1 Apache 1 Juddi 2018-03-18 4.0
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
CVE-2014-9938 1 Git Project 1 Git 2018-01-05 6.8
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
CVE-2016-3063 1 Netapp 1 Oncommand System Manager 2017-11-16 4.4
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors.
CVE-2017-8303 1 Accellion 1 File Transfer Appliance 2017-05-17 7.5
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
CVE-2016-2568 1 Freedesktop 1 Polkit 2017-03-09 4.4
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.