Export limit exceeded: 11910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5920 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10810 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.5 High |
| Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. | ||||
| CVE-2017-6653 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | N/A |
| A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803. | ||||
| CVE-2017-7377 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 6.0 Medium |
| The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | ||||
| CVE-2017-7392 | 2 Redhat, Tigervnc | 2 Enterprise Linux, Tigervnc | 2025-04-20 | N/A |
| In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. | ||||
| CVE-2017-0612 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845. | ||||
| CVE-2017-8188 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution. | ||||
| CVE-2017-8193 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands. | ||||
| CVE-2015-9059 | 1 Picocom Project | 1 Picocom | 2025-04-20 | N/A |
| picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. | ||||
| CVE-2017-8197 | 1 Huawei | 1 Fusionsphere | 2025-04-20 | N/A |
| FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands. | ||||
| CVE-2017-8201 | 1 Huawei | 6 Max Presence, Max Presence Firmware, Tp3106 and 3 more | 2025-04-20 | N/A |
| MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition. | ||||
| CVE-2017-8253 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | ||||
| CVE-2016-9683 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | N/A |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195. | ||||
| CVE-2016-9682 | 1 Dell | 1 Sonicwall Secure Remote Access Server | 2025-04-20 | N/A |
| The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. | ||||
| CVE-2010-5321 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.3 Medium |
| Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf. | ||||
| CVE-2017-8925 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | N/A |
| The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | ||||
| CVE-2017-8353 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | N/A |
| In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| CVE-2015-8988 | 1 Mcafee | 1 Epo Deep Command | 2025-04-20 | N/A |
| Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path. | ||||
| CVE-2017-8309 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Openstack | 2025-04-20 | 7.5 High |
| Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | ||||
| CVE-2016-9554 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account. | ||||
| CVE-2016-9553 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258. | ||||