Search Results (6820 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10034 1 Zend 2 Zend-mail, Zend Framework 2025-04-12 N/A
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
CVE-2016-1000156 1 Mailcwp Project 1 Mailcwp 2025-04-12 N/A
Mailcwp remote file upload vulnerability incomplete fix v1.100
CVE-2015-6704 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 N/A
The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6703.
CVE-2016-0328 1 Ibm 1 Security Guardium Database Activity Monitor 2025-04-12 N/A
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.
CVE-2016-0326 1 Ibm 2 Rational Collaborative Lifecycle Management, Rational Quality Manager 2025-04-12 N/A
IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."
CVE-2015-8877 3 Libgd, Php, Redhat 3 Libgd, Php, Rhel Software Collections 2025-04-12 N/A
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.
CVE-2015-6912 1 Synology 1 Video Station 2025-04-12 N/A
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
CVE-2015-8327 4 Canonical, Debian, Linuxfoundation and 1 more 10 Ubuntu Linux, Debian Linux, Cups-filters and 7 more 2025-04-12 N/A
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
CVE-2015-7581 2 Redhat, Rubyonrails 2 Rhel Software Collections, Rails 2025-04-12 N/A
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an application's use of a wildcard controller route.
CVE-2015-7545 4 Canonical, Git Project, Opensuse and 1 more 6 Ubuntu Linux, Git, Opensuse and 3 more 2025-04-12 N/A
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
CVE-2015-7541 1 Colorscore Project 1 Colorscore 2025-04-12 N/A
The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to execute arbitrary code via shell metacharacters in the (1) image_path, (2) colors, or (3) depth variable.
CVE-2015-7540 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 7.5 High
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.
CVE-2014-8333 2 Openstack, Redhat 3 Nova, Enterprise Linux, Openstack 2025-04-12 N/A
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVE-2014-4336 1 Linuxfoundation 1 Cups-filters 2025-04-12 N/A
The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
CVE-2014-8515 1 Bittorrent 1 Bittorrent 2025-04-12 N/A
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000.
CVE-2014-8990 3 Debian, Fedoraproject, Lsyncd Project 3 Debian Linux, Fedora, Lsyncd 2025-04-12 N/A
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2014-9030 3 Debian, Opensuse, Xen 3 Debian Linux, Opensuse, Xen 2025-04-12 N/A
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
CVE-2014-9144 1 Technicolor 1 Td5130 Router Firmware 2025-04-12 N/A
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
CVE-2015-0778 3 Fedoraproject, Opensuse, Suse 3 Fedora, Opensuse, Opensuse Osc 2025-04-12 N/A
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
CVE-2014-3696 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-12 N/A
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.