Search Results (6823 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10149 3 Debian, Pysaml2 Project, Redhat 3 Debian Linux, Pysaml2, Openstack 2025-04-20 N/A
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
CVE-2017-9936 3 Canonical, Debian, Libtiff 3 Ubuntu Linux, Debian Linux, Libtiff 2025-04-20 N/A
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
CVE-2017-9815 2 Canonical, Libtiff 2 Ubuntu Linux, Libtiff 2025-04-20 N/A
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
CVE-2017-9778 1 Gnu 1 Gdb 2025-04-20 N/A
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
CVE-2017-12418 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
CVE-2017-15889 1 Synology 1 Diskstation Manager 2025-04-20 N/A
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-16672 1 Digium 2 Asterisk, Certified Asterisk 2025-04-20 N/A
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
CVE-2017-13648 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
CVE-2017-12756 1 Extplorer 1 Extplorer 2025-04-20 N/A
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.
CVE-2008-7315 1 Cpan 1 Ui\ 2025-04-20 N/A
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
CVE-2017-15225 1 Gnu 1 Binutils 2025-04-20 N/A
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
CVE-2017-11703 1 Libming 1 Ming 2025-04-20 N/A
A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-8343 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-1352 1 Ibm 1 Maximo Asset Management 2025-04-20 N/A
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
CVE-2017-9374 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-20 5.5 Medium
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
CVE-2017-11610 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Cloudforms and 2 more 2025-04-20 N/A
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
CVE-2015-6024 1 Netcommwireless 2 Hspa 3g10wve, Hspa 3g10wve Firmware 2025-04-20 N/A
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.
CVE-2017-9350 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
CVE-2017-11752 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2014-8903 1 Ibm 1 Curam Social Program Management 2025-04-20 N/A
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.