Search Results (6800 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-9059 1 Picocom Project 1 Picocom 2025-04-20 N/A
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.
CVE-2017-16892 1 Bftpd Project 1 Bftpd 2025-04-20 N/A
In Bftpd before 4.7, there is a memory leak in the file rename function.
CVE-2017-9404 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2025-04-20 N/A
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2016-6655 1 Cloudfoundry 2 Cf-mysql-release, Cf-release 2025-04-20 N/A
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
CVE-2016-6649 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2025-04-20 N/A
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root.
CVE-2017-3526 2 Oracle, Redhat 5 Jdk, Jre, Jrockit and 2 more 2025-04-20 N/A
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2017-9039 1 Gnu 1 Binutils 2025-04-20 N/A
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
CVE-2017-2312 1 Juniper 1 Junos 2025-04-20 N/A
On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability.
CVE-2017-8925 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 N/A
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-15889 1 Synology 1 Diskstation Manager 2025-04-20 N/A
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-5526 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 6.5 Medium
Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
CVE-2017-15940 1 Paloaltonetworks 1 Pan-os 2025-04-20 N/A
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2017-8135 1 Huawei 1 Fusionsphere Openstack 2025-04-20 N/A
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVE-2017-8133 1 Huawei 1 Neteco 2025-04-20 N/A
Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a command injection vulnerability. An authenticated, remote attacker could exploit this vulnerability to send malicious packets to a target device. Successful exploit could enable a low privileged user to execute commands that a high privileged user could execute, causing the files to be tampered with or deleted.
CVE-2017-8131 1 Huawei 1 Fusionsphere Openstack 2025-04-20 N/A
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVE-2017-15593 1 Xen 1 Xen 2025-04-20 N/A
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CVE-2017-14684 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
CVE-2017-7722 1 Solarwinds 1 Log \& Event Manager 2025-04-20 N/A
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
CVE-2017-15217 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
CVE-2017-15189 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.