Total
29603 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0170 | 2 Jboss, Redhat | 2 Teiid, Jboss Data Virtualization | 2025-04-12 | N/A |
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-0152 | 2 Ovirt, Redhat | 3 Ovirt, Ovirt-engine, Rhev Manager | 2025-04-12 | N/A |
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2013-7392 | 1 Gitlist | 1 Gitlist | 2025-04-12 | N/A |
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/. | ||||
CVE-2013-7446 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | ||||
CVE-2014-0007 | 2 Redhat, Theforeman | 4 Openstack, Satellite, Satellite Capsule and 1 more | 2025-04-12 | N/A |
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | ||||
CVE-2013-6919 | 1 Phpthumb Project | 1 Phpthumb | 2025-04-12 | N/A |
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. | ||||
CVE-2015-8262 | 1 Buffalotech | 2 Airstation Extreme N600, Airstation Extreme N600 Firmware | 2025-04-12 | N/A |
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | ||||
CVE-2013-7323 | 1 Vinay Sajip | 1 Python-gnupg | 2025-04-12 | N/A |
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
CVE-2013-5671 | 1 Mark Evans | 1 Fog-dragonfly | 2025-04-12 | N/A |
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
CVE-2013-6308 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | N/A |
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | ||||
CVE-2013-4468 | 1 Vicidial | 1 Vicidial | 2025-04-12 | N/A |
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php. | ||||
CVE-2013-4489 | 1 Gitlab | 1 Gitlab | 2025-04-12 | N/A |
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature. | ||||
CVE-2013-4490 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2025-04-12 | N/A |
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. | ||||
CVE-2013-4546 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2025-04-12 | N/A |
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. | ||||
CVE-2013-5353 | 1 Sharetronix | 1 Sharetronix | 2025-04-12 | N/A |
Unrestricted file upload vulnerability in system/controllers/ajax/attachments.php in Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
CVE-2013-2599 | 1 Codeaurora | 1 Android-msm | 2025-04-12 | N/A |
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption passwords via a logcat call. | ||||
CVE-2013-2603 | 1 Realnetworks | 1 Realarcade Installer | 2025-04-12 | N/A |
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method. | ||||
CVE-2013-0733 | 1 Corel | 2 Paintshop Pro X5, Paintshop Pro X6 | 2025-04-12 | N/A |
Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 16.0.0.113, 15.2.0.2, and earlier allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jpg file. | ||||
CVE-2015-4488 | 5 Canonical, Mozilla, Opensuse and 2 more | 6 Ubuntu Linux, Firefox, Firefox Os and 3 more | 2025-04-12 | N/A |
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment. | ||||
CVE-2013-1851 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors. |