Search Results (6875 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-7313 3 Nagios, Redhat, Snoopy 3 Nagios, Openstack, Snoopy 2025-04-20 N/A
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
CVE-2008-7315 1 Cpan 1 Ui\ 2025-04-20 N/A
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
CVE-2008-7319 1 Net-ping-external Project 1 Net-ping-external 2025-04-20 N/A
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
CVE-2013-7377 1 Codem-transcode Project 1 Codem-transcode 2025-04-20 N/A
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
CVE-2017-6650 1 Cisco 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more 2025-04-20 N/A
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.
CVE-2014-4677 1 Gpgtools 1 Libmacgpg 2025-04-20 N/A
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.
CVE-2017-12692 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
CVE-2017-12691 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2014-8170 2 Ovirt, Redhat 2 Ovirt-node, Enterprise Virtualization 2025-04-20 N/A
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
CVE-2017-13748 3 Debian, Fedoraproject, Jasper Project 3 Debian Linux, Fedora, Jasper 2025-04-20 7.5 High
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
CVE-2017-15268 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-20 N/A
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
CVE-2017-1352 1 Ibm 1 Maximo Asset Management 2025-04-20 N/A
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
CVE-2017-15225 1 Gnu 1 Binutils 2025-04-20 N/A
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
CVE-2017-12676 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVE-2017-13648 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
CVE-2015-2210 1 Epicor 1 Crs Retail Store 2025-04-20 N/A
The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
CVE-2017-12675 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
CVE-2017-12673 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
CVE-2015-4035 2 Redhat, Tukaani 2 Enterprise Linux, Xz 2025-04-20 N/A
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
CVE-2015-4046 1 Alienvault 1 Open Source Security Information Management 2025-04-20 N/A
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.