| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges. |
| Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. |
| cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability. |
| Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). |
| The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. |
| Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. |
| libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. |
| fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer. |
| slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection. |
| Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. |
| Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. |
| GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. |
| Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while destroying gpu resource object in 'virtio_gpu_resource_destroy'. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host. |
| osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. |
| Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. |
| The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. |
| Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. |
| fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts. |
| The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. |
| The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. |
