Search Results (20405 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-6440 1 Libplist Project 1 Libplist 2025-04-20 N/A
The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.
CVE-2017-1000159 1 Gnome 1 Evince 2025-04-20 N/A
Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVE-2017-12862 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 8.8 High
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
CVE-2017-16921 2 Debian, Otrs 2 Debian Linux, Otrs 2025-04-20 N/A
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
CVE-2014-9938 2 Git-scm, Redhat 2 Git, Enterprise Linux 2025-04-20 8.8 High
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
CVE-2017-14644 1 Bento4 1 Bento4 2025-04-20 N/A
A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
CVE-2017-16641 1 Cacti 1 Cacti 2025-04-20 N/A
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2017-16926 1 Ohcount Project 1 Ohcount 2025-04-20 N/A
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.
CVE-2017-14127 1 Technicolor 2 Td5336, Td5336 Firmware 2025-04-20 N/A
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
CVE-2017-14647 1 Bento4 1 Bento4 2025-04-20 N/A
A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
CVE-2017-10806 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 5.5 Medium
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages.
CVE-2017-2275 1 Sony 2 Wg-c10, Wg-c10 Firmware 2025-04-20 N/A
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2017-11334 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2025-04-20 4.4 Medium
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
CVE-2017-8260 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.
CVE-2016-6870 1 Facebook 1 Hhvm 2025-04-20 N/A
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-2842 1 Foscam 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware 2025-04-20 8.8 High
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
CVE-2017-10902 1 Princeton 2 Ptw-wms1, Ptw-wms1 Firmware 2025-04-20 N/A
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2017-11150 1 Synology 1 Office 2025-04-20 N/A
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
CVE-2017-10811 1 Buffalo 2 Wcr-1166ds, Wcr-1166ds Firmware 2025-04-20 N/A
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2015-8666 2 Debian, Qemu 2 Debian Linux, Qemu 2025-04-20 7.9 High
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.