ReportizFlow
Filtered by vendor
Subscriptions
Total
4659 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16905 | 2 Duolingo, Google | 2 Tinycards, Android | 2024-11-21 | N/A |
| The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | ||||
| CVE-2017-16670 | 1 Smartbear | 1 Soapui | 2024-11-21 | N/A |
| The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | ||||
| CVE-2017-16151 | 1 Electronjs | 1 Electron | 2024-11-21 | N/A |
| Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled. | ||||
| CVE-2017-16100 | 1 Dns-sync Project | 1 Dns-sync | 2024-11-21 | N/A |
| dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | ||||
| CVE-2017-16082 | 1 Node-postgres | 1 Pg | 2024-11-21 | N/A |
| A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. | ||||
| CVE-2017-16042 | 1 Growl Project | 1 Growl | 2024-11-21 | N/A |
| Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. | ||||
| CVE-2017-16020 | 1 Summit Project | 1 Summit | 2024-11-21 | 9.8 Critical |
| Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name. | ||||
| CVE-2017-14853 | 1 Orpak | 1 Siteomat | 2024-11-21 | N/A |
| The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device. | ||||
| CVE-2017-1002152 | 1 Redhat | 1 Bodhi | 2024-11-21 | 6.1 Medium |
| Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. | ||||
| CVE-2017-1000480 | 1 Smarty | 1 Smarty | 2024-11-21 | N/A |
| Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | ||||
| CVE-2016-9651 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-11-21 | N/A |
| A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | ||||
| CVE-2016-5402 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
| A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. | ||||
| CVE-2016-4397 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | N/A |
| A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | ||||
| CVE-2016-4391 | 1 Hp | 1 Arcsight Winc Connector | 2024-11-21 | N/A |
| A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | ||||
| CVE-2016-11064 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. | ||||
| CVE-2016-10548 | 1 Reduce-css-calc Project | 1 Reduce-css-calc | 2024-11-21 | N/A |
| Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function. | ||||
| CVE-2016-10546 | 1 Pouchdb | 1 Pouchdb | 2024-11-21 | N/A |
| An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands. | ||||
| CVE-2016-10541 | 1 Shell-quote Project | 1 Shell-quote | 2024-11-21 | 9.8 Critical |
| The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection. | ||||
| CVE-2015-9298 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 9.8 Critical |
| The events-manager plugin before 5.6 for WordPress has code injection. | ||||
| CVE-2015-9272 | 1 Videowhisper | 1 Video Presentation | 2024-11-21 | N/A |
| The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vw_upload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code. | ||||