Total
2906 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24816 | 1 Geosolutionsgroup | 1 Jai-ext | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL |
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath. | |||||
CVE-2013-6469 | 1 Redhat | 2 Jboss Fuse Service Works, Jboss Overlord Run Time Governance | 2023-02-12 | 6.5 MEDIUM | N/A |
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-6399 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image. | |||||
CVE-2013-4537 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image. | |||||
CVE-2013-4330 | 1 Apache | 1 Camel | 2023-02-12 | 6.8 MEDIUM | N/A |
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. | |||||
CVE-2013-4172 | 1 Redhat | 1 Cloudforms Management Engine | 2023-02-12 | 8.5 HIGH | N/A |
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. | |||||
CVE-2013-4151 | 1 Qemu | 1 Qemu | 2023-02-12 | 7.5 HIGH | N/A |
The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | |||||
CVE-2013-2121 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2023-02-12 | 6.0 MEDIUM | N/A |
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | |||||
CVE-2012-5488 | 1 Plone | 1 Plone | 2023-02-12 | 5.0 MEDIUM | N/A |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | |||||
CVE-2012-5485 | 1 Plone | 1 Plone | 2023-02-12 | 6.8 MEDIUM | N/A |
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. | |||||
CVE-2012-4406 | 1 Openstack | 1 Swift | 2023-02-12 | 7.5 HIGH | N/A |
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | |||||
CVE-2011-3378 | 1 Rpm | 1 Rpm | 2023-02-12 | 9.3 HIGH | N/A |
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c. | |||||
CVE-2010-3308 | 1 Xelerance | 1 Openswan | 2023-02-12 | 6.5 MEDIUM | N/A |
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field. | |||||
CVE-2010-2240 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. | |||||
CVE-2010-2235 | 1 Michael Dehaan | 1 Cobbler | 2023-02-12 | 8.5 HIGH | N/A |
template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954. | |||||
CVE-2010-1622 | 2 Oracle, Springsource | 2 Fusion Middleware, Spring Framework | 2023-02-12 | 6.0 MEDIUM | N/A |
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file. | |||||
CVE-2012-0796 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | N/A |
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header. | |||||
CVE-2008-1926 | 1 Linux | 1 Util-linux | 2023-02-12 | 7.5 HIGH | N/A |
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | |||||
CVE-2008-5517 | 1 Git | 1 Git | 2023-02-12 | 7.5 HIGH | N/A |
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. | |||||
CVE-2008-0600 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. |