Search Results (21034 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14119 1 Eyesofnetwork 1 Eyesofnetwork 2025-04-20 N/A
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
CVE-2017-2520 2 Apple, Debian 5 Iphone Os, Mac Os X, Tvos and 2 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
CVE-2017-14127 1 Technicolor 2 Td5336, Td5336 Firmware 2025-04-20 N/A
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
CVE-2017-14164 1 Uclouvain 1 Openjpeg 2025-04-20 8.8 High
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
CVE-2017-9806 1 Apache 1 Openoffice 2025-04-20 7.8 High
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
CVE-2016-2147 3 Busybox, Canonical, Debian 3 Busybox, Ubuntu Linux, Debian Linux 2025-04-20 7.5 High
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
CVE-2017-5957 2 Qemu, Virglrenderer Project 2 Qemu, Virglrenderer 2025-04-20 5.5 Medium
Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.
CVE-2017-5173 1 Geutebrueck 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware 2025-04-20 9.8 Critical
An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.
CVE-2016-5209 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-5210 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2016-5313 1 Symantec 1 Web Gateway 2025-04-20 N/A
Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands.
CVE-2016-5802 1 Delta Electronics 3 Ispsoft, Pmsoft, Wplsoft 2025-04-20 N/A
An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software.
CVE-2017-5099 4 Debian, Google, Linux and 1 more 4 Debian Linux, Chrome, Linux Kernel and 1 more 2025-04-20 N/A
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page.
CVE-2017-5095 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 8.8 High
Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.
CVE-2017-3761 1 Lenovo 1 Service Framework 2025-04-20 N/A
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
CVE-2017-3796 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.
CVE-2017-14100 1 Digium 2 Asterisk, Certified Asterisk 2025-04-20 N/A
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.
CVE-2016-6870 1 Facebook 1 Hhvm 2025-04-20 N/A
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2016-7392 1 Autotrace Project 1 Autotrace 2025-04-20 5.5 Medium
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
CVE-2017-7476 1 Gnulib 1 Gnulib 2025-04-20 N/A
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.