Search Results (21067 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0120 1 Google 1 Android 2026-04-16 9.8 Critical
In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0122 1 Google 1 Android 2026-04-16 8.4 High
In multiple places, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0123 1 Google 1 Android 2026-04-16 8.4 High
In EfwApTransport::ProcessRxRing of efw_ap_transport.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-3913 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-16 8.8 High
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-3920 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-16 8.8 High
Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-5208 1 Coolercontrol 1 Coolercontrold 2026-04-16 8.2 High
Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names
CVE-2001-1583 1 Sun 1 Sunos 2026-04-16 N/A
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
CVE-1999-0067 2 Apache, Ncsa 2 Http Server, Ncsa Httpd 2026-04-16 N/A
phf CGI program allows remote command execution through shell metacharacters.
CVE-2002-1898 1 Apple 2 Mac Os X, Terminal 2026-04-16 N/A
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
CVE-2004-1189 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2026-04-16 N/A
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
CVE-2002-2227 1 Rtfm 1 Ssldump 2026-04-16 N/A
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
CVE-2006-0325 1 Etomite 1 Etomite 2026-04-16 N/A
Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.
CVE-2006-2362 1 Gnu 1 Binutils 2026-04-16 7.3 High
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
CVE-1999-0043 6 Bsdi, Caldera, Isc and 3 more 7 Bsd Os, Openlinux, Inn and 4 more 2026-04-16 9.8 Critical
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
CVE-2002-1660 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
CVE-2005-0560 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
CVE-2006-4482 4 Canonical, Debian, Php and 1 more 5 Ubuntu Linux, Debian Linux, Php and 2 more 2026-04-16 N/A
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVE-2004-0398 3 Debian, Redhat, Webdav 4 Debian Linux, Enterprise Linux, Cadaver and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
CVE-2003-0041 3 Mandrakesoft, Mit, Redhat 5 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 2 more 2026-04-16 N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2002-0061 1 Apache 1 Http Server 2026-04-16 N/A
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.