Search Results (6815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-2713 2 Gnome, Nalin Dahyabhai 2 Gnome-terminal, Vte 2025-04-11 N/A
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
CVE-2011-3288 1 Cisco 1 Unified Presence 2025-04-11 7.5 High
Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large number of nested entity references, aka Bug IDs CSCtq89842 and CSCtq88547, a similar issue to CVE-2003-1564.
CVE-2011-1755 4 Apple, Fedoraproject, Jabberd2 and 1 more 6 Mac Os X, Mac Os X Server, Fedora and 3 more 2025-04-11 7.5 High
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2009-5039 1 Cisco 1 Ios 2025-04-11 N/A
Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535.
CVE-2013-6478 2 Pidgin, Redhat 2 Pidgin, Enterprise Linux 2025-04-11 N/A
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip.
CVE-2010-2008 3 Canonical, Fedoraproject, Oracle 3 Ubuntu Linux, Fedora, Mysql 2025-04-11 N/A
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
CVE-2013-4179 2 Openstack, Redhat 3 Compute, Havana, Openstack 2025-04-11 N/A
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
CVE-2011-0419 10 Apache, Apple, Debian and 7 more 12 Http Server, Portable Runtime, Mac Os X and 9 more 2025-04-11 N/A
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
CVE-2010-2060 1 Wildbit 1 Beanstalkd 2025-04-11 N/A
The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.
CVE-2024-27268 1 Ibm 1 Websphere Application Server 2025-04-10 5.9 Medium
IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.
CVE-2023-24467 2 Microfocus, Opentext 2 Imanager, Imanager 2025-04-10 8.8 High
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
CVE-2021-38117 2 Microfocus, Opentext 2 Imanager, Imanager 2025-04-10 8.8 High
Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
CVE-2024-11316 1 Abb 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more 2025-04-10 7.5 High
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2021-38116 2 Microfocus, Opentext 2 Imanager, Imanager 2025-04-10 8.8 High
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5
CVE-2022-39084 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39083 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39082 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39081 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-04-10 6.7 Medium
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-32665 1 Mediatek 3 En7528, En7580, Linkit Software Development Kit 2025-04-10 9.8 Critical
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
CVE-2022-32664 1 Mediatek 7 En7516, En7528, En7529 and 4 more 2025-04-10 8.8 High
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.