Opsview Web Management console allows to an authenticated administrator to test notifications that are triggered under certain configurable events.

The 'value' parameter is not properly sanitized, leading to an arbitrary command injection executed on the system with nagios user privileges.

Oracle WebLogic Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary Java objects leading to remote code execution.

SoftNAS Cloud is a software-defined NAS filer delivered as a virtual storage appliance that runs within public, private or hybrid clouds. SoftNAS Cloud provides enterprise-grade NAS capabilities, including encryption, snapshots, rapid rollbacks, and cross-zone high-availability with automatic failover.

A command injection vulnerability was found in the web administration console. In particular, snserv script did not sanitize some input parameters before executing a system command.

CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via file upload using admin/moduleinterface.php

The specific flaw exists within the crUnpackTexGendv method. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to crash the VirtualBox process used for open the target.

Cisco UCS Manager contains a OS Command Injection vulnerability in /settings/ping function, which allows unauthenticated attackers to gain arbitrary code execution on the affected system.

QNAP Qcenter Virtual Appliance contains multiples vulnerabilities which allows authenticated attackers to gain arbitrary code execution on the affected system with root privileges.

Apache CouchDB contains an Authentication Bypass vulnerability and a OS Command Injection vulnerability, which allows attackers to gain arbitrary code execution on the affected system.

PhpCollab is vulnerable to an unauthenticated php remote file inclusion, allowing attackers to execute arbitrary php code in the system.

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.