Search Results (6818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3068 6 Debian, Fedoraproject, Mercurial and 3 more 15 Debian Linux, Fedora, Mercurial and 12 more 2025-04-12 N/A
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
CVE-2016-2332 1 Systech 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware 2025-04-12 N/A
flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter.
CVE-2016-7995 2 Opensuse, Qemu 2 Leap, Qemu 2025-04-12 6.0 Medium
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
CVE-2014-3524 2 Apache, Libreoffice 2 Openoffice, Libreoffice 2025-04-12 N/A
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
CVE-2016-7166 3 Libarchive, Oracle, Redhat 10 Libarchive, Linux, Enterprise Linux and 7 more 2025-04-12 N/A
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
CVE-2015-3409 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVE-2016-10034 1 Zend 2 Zend-mail, Zend Framework 2025-04-12 N/A
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
CVE-2014-8090 2 Redhat, Ruby-lang 3 Enterprise Linux, Rhel Software Collections, Ruby 2025-04-12 N/A
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.
CVE-2015-2208 1 Avinu 1 Phpmoadmin 2025-04-12 N/A
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.
CVE-2015-7839 1 Solarwinds 1 Log And Event Manager 2025-04-12 N/A
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.
CVE-2015-4893 2 Oracle, Redhat 7 Jdk, Jre, Jrockit and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911.
CVE-2016-0877 1 Moxa 2 Edr-g903, Edr-g903 Firmware 2025-04-12 7.5 High
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
CVE-2016-0751 2 Redhat, Rubyonrails 3 Rhel Software Collections, Rails, Ruby On Rails 2025-04-12 N/A
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.
CVE-2014-8990 3 Debian, Fedoraproject, Lsyncd Project 3 Debian Linux, Fedora, Lsyncd 2025-04-12 N/A
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
CVE-2015-2846 1 Bittorrent 1 Sync 2025-04-12 N/A
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.
CVE-2016-4809 3 Libarchive, Oracle, Redhat 10 Libarchive, Linux, Enterprise Linux and 7 more 2025-04-12 N/A
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
CVE-2014-9277 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted string containing <cross-domain-policy> in a PHP format request, which causes the string length to change when converting the request to <NOT-cross-domain-policy>.
CVE-2020-36568 1 Revel 1 Revel 2025-04-11 7.5 High
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
CVE-2022-44621 1 Apache 1 Kylin 2025-04-11 9.8 Critical
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request.
CVE-2010-2060 1 Wildbit 1 Beanstalkd 2025-04-11 N/A
The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.