Search Results (6821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0741 2 Fedoraproject, Redhat 6 389 Directory Server, Enterprise Linux, Enterprise Linux Desktop and 3 more 2025-04-12 N/A
slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.
CVE-2014-7208 1 Gparted 1 Gparted 2025-04-12 N/A
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
CVE-2014-7209 1 Debian 1 Mime-support 2025-04-12 N/A
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2014-8602 4 Canonical, Debian, Nlnetlabs and 1 more 4 Ubuntu Linux, Debian Linux, Unbound and 1 more 2025-04-12 N/A
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVE-2014-8630 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2025-04-12 N/A
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
CVE-2014-9144 1 Technicolor 1 Td5130 Router Firmware 2025-04-12 N/A
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
CVE-2015-2846 1 Bittorrent 1 Sync 2025-04-12 N/A
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.
CVE-2014-9682 1 Dns-sync Project 1 Dns-sync 2025-04-12 N/A
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.
CVE-2015-0221 2 Canonical, Djangoproject 2 Ubuntu Linux, Django 2025-04-12 N/A
The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.
CVE-2015-0225 2 Apache, Redhat 2 Cassandra, Jboss Operations Network 2025-04-12 N/A
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.
CVE-2015-1815 3 Fedoraproject, Redhat, Selinux 3 Fedora, Enterprise Linux, Setroubleshoot 2025-04-12 N/A
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
CVE-2015-2011 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
CVE-2015-2265 2 Canonical, Linuxfoundation 2 Ubuntu Linux, Cups-filters 2025-04-12 N/A
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
CVE-2015-3408 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVE-2015-3409 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVE-2015-3678 1 Apple 1 Mac Os X 2025-04-12 N/A
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands.
CVE-2015-4749 2 Oracle, Redhat 7 Jdk, Jre, Jrockit and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
CVE-2015-4525 1 Emc 1 Isilon Onefs 2025-04-12 N/A
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
CVE-2016-9835 1 Zikula 1 Zikula Application Framework 2025-04-12 N/A
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file.
CVE-2016-9685 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-12 N/A
Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.