Search Results (6815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8779 4 Libtirpc Project, Ntirpc Project, Redhat and 1 more 6 Libtirpc, Ntirpc, Ceph Storage and 3 more 2025-04-20 N/A
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
CVE-2017-8830 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8925 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-8350 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-16931 1 Xmlsoft 1 Libxml2 2025-04-20 N/A
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
CVE-2017-17934 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
CVE-2016-9553 1 Sophos 1 Web Appliance 2025-04-20 N/A
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258.
CVE-2008-7313 3 Nagios, Redhat, Snoopy 3 Nagios, Openstack, Snoopy 2025-04-20 N/A
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2008-7315 1 Cpan 1 Ui\ 2025-04-20 N/A
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
CVE-2008-7319 1 Net-ping-external Project 1 Net-ping-external 2025-04-20 N/A
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
CVE-2013-7377 1 Codem-transcode Project 1 Codem-transcode 2025-04-20 N/A
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
CVE-2014-5008 3 Debian, Redhat, Snoopy 3 Debian Linux, Openstack, Snoopy 2025-04-20 N/A
Snoopy allows remote attackers to execute arbitrary commands.
CVE-2014-5009 3 Nagios, Redhat, Snoopy 3 Nagios, Openstack, Snoopy 2025-04-20 N/A
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
CVE-2015-0296 2 Fedoraproject, Tug 2 Fedora, Texlive 2025-04-20 N/A
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
CVE-2015-2857 1 Accellion 1 File Transfer Appliance 2025-04-20 9.8 Critical
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
CVE-2015-4035 2 Redhat, Tukaani 2 Enterprise Linux, Xz 2025-04-20 N/A
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
CVE-2015-4046 1 Alienvault 1 Open Source Security Information Management 2025-04-20 N/A
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.
CVE-2015-5704 2 Devscripts Devel Team, Fedoraproject 2 Devscripts, Fedora 2025-04-20 N/A
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVE-2015-8257 1 Axis 11 Cannon Network Camera, Explosion-protected Camera, Fixed Box Camera and 8 more 2025-04-20 N/A
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
CVE-2016-10040 1 Qt 1 Qxmlsimplereader 2025-04-20 N/A
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.