Export limit exceeded: 20912 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20912 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2845 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 8.8 High |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution | ||||
| CVE-2017-2846 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 8.8 High |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | ||||
| CVE-2017-2847 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 8.8 High |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | ||||
| CVE-2017-12636 | 1 Apache | 1 Couchdb | 2025-04-20 | N/A |
| CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. | ||||
| CVE-2017-2849 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 8.8 High |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | ||||
| CVE-2017-2850 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2025-04-20 | 8.8 High |
| In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | ||||
| CVE-2017-2863 | 1 Iceni | 1 Infix | 2025-04-20 | 7.8 High |
| An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | ||||
| CVE-2017-3074 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-3100 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-20 | 6.5 Medium |
| Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | ||||
| CVE-2017-7863 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c. | ||||
| CVE-2017-4053 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | N/A |
| Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. | ||||
| CVE-2017-5173 | 1 Geutebrueck | 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware | 2025-04-20 | 9.8 Critical |
| An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. | ||||
| CVE-2017-5329 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2025-04-20 | 7.8 High |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | ||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2025-04-20 | N/A |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| CVE-2017-6182 | 1 Sophos | 1 Web Appliance | 2025-04-20 | N/A |
| In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304. | ||||
| CVE-2017-12581 | 1 Electron | 1 Electron | 2025-04-20 | N/A |
| GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call. | ||||
| CVE-2017-6223 | 1 Ruckus | 2 Zonedirector, Zonedirector Firmware | 2025-04-20 | N/A |
| Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. | ||||
| CVE-2017-6891 | 3 Apache, Debian, Gnu | 3 Bookkeeper, Debian Linux, Libtasn1 | 2025-04-20 | 8.8 High |
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | ||||
| CVE-2017-6970 | 2 Alienvault, Nfsen | 3 Ossim, Unified Security Management, Nfsen | 2025-04-20 | N/A |
| AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | ||||
| CVE-2017-7294 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | 7.8 High |
| The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. | ||||