
64 matches found

Microsoft CVE
added 2023/01/30 8:0 a.m. | 2 views

Integer overflow in certain command arguments can drive Redis to OOM panic

...

CVSS 5.5 | AI score 4.6 | EPSS 0.35552
Exploits: 0

UbuntuCve
added 2022/10/18 5:0 p.m. | 33 views

CVE-2022-39260

Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the...

CVSS 8.8 | AI score 7.8 | EPSS 0.02232
Exploits: 0 | References: 4

BDU FSTEC
added 2021/09/03 12:0 a.m. | 2 views

The vulnerability of the Adobe Photoshop CC graphic editor lies in insufficient validation of arguments passed to commands, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Photoshop CC graphic editor is related to insufficient testing of arguments passed to commands. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user...

CVSS 10 | AI score 8.2 | EPSS 0.19068
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2021/04/29 6:15 p.m. | 18 views

Input validation

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to...

CVSS 7.2 | AI score 7.8 | EPSS 0.00045
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/29 5:30 p.m. | 13 views

CVE-2021-1448 Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to...

CVSS 7.8 | AI score 8.1 | EPSS 0.00045
Exploits: 0 | References: 1

Vulnrichment
added 2021/04/29 5:30 p.m. | 7 views

CVE-2021-1448 Cisco Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to...

CVSS 7.8 | AI score 7.5 | EPSS 0.00045
Exploits: 0 | References: 1

Prion
added 2021/03/31 6:15 p.m. | 16 views

Design/Logic Flaw

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...

CVSS 2.7 | AI score 4.9 | EPSS 0.00073
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2021/03/24 9:15 p.m. | 6 views

CVE-2021-1423

A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit...

CVSS 4.4 | AI score 7.1
Exploits: 0 | References: 1

BDU FSTEC
added 2019/09/05 12:0 a.m. | 2 views

The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention Endpoint software allows a perpetrator to execute arbitrary code.

The vulnerability of the ePolicy Orchestrator extension of the McAfee Data Loss Prevention Endpoint software relates to insufficient validation of arguments passed to the command. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 6.8 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2018/05/17 3:29 a.m. | 16 views

Input validation

A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

CVSS 9 | AI score 8.7 | EPSS 0.02274
Exploits: 0 | References: 2 | Affected Software: 1

Cisco
added 2017/11/29 4:0 p.m. | 40 views

Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...

CVSS 6.3 | AI score 6.9 | EPSS 0.00495
Exploits: 0 | References: 1

OSV
added 2017/06/22 12:0 a.m. | 12 views

PSF-2017-8 Environment variables injection in subprocess on Windows

On Windows, prevent passing invalid environment variables and command arguments to subprocess.Popen. It is possible to inject an environment variable in subprocess on Windows if a user data is passed to a subprocess via environment variable. Check for invalid environment variable names containing...

AI score 7
Exploits: 0 | References: 1

NVD
added 2017/05/22 1:29 a.m. | 19 views

CVE-2017-6650

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...

CVSS 7.8 | AI score 7.7 | EPSS 0.00577
Exploits: 0 | References: 3

Cvelist
added 2017/05/22 1:0 a.m. | 23 views

CVE-2017-6650

A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An...

AI score 7.7 | EPSS 0.00577
Exploits: 0 | References: 3

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

MollenSoft Lightweight FTP Server 3.6 - Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10429/info Lightweight FTP Server is prone to a remote buffer overflow vulnerability. This vulnerability can potentially allow a remote attacker to execute arbitrary code in the context of the server process. This issue...

AI score 7.1
Exploits: 0

OSV
added 2012/10/01 12:55 a.m. | 1 view

DEBIAN-CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...

CVSS 7.5 | AI score 7.8 | EPSS 0.00975
Exploits: 0 | References: 1

Packet Storm
added 2010/12/07 12:0 a.m. | 22 views

GNU inetutils 1.8-1 FTP Client Heap Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: GNU inetutils 1.8-1 ftp client Heap Overflow Date: Dec 07 2010 Author: Rew Software Link: http://ftp.gnu.org/gnu/inetutils/inetutils-1.8.tar.gz Version: 1.8-1 Tested on: Arch Linux up to date CVE: NA 0day...

AI score 0.1
Exploits: 0

Prion
added 2008/04/07 6:44 p.m. | 18 views

Buffer overflow

Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified "command arguments."...

CVSS 9.3 | AI score 8.3 | EPSS 0.16743
Exploits: 4 | References: 7 | Affected Software: 2

Debian CVE
added 2007/09/04 10:0 p.m. | 19 views

CVE-2007-4656

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than...

CVSS 2.1 | AI score 5.9 | EPSS 0.00074
Exploits: 0

exploitpack
added 2004/05/24 12:0 a.m. | 16 views

Mollensoft Lightweight FTP Server 3.6 - Remote Denial of Service

Mollensoft Lightweight FTP Server 3.6 - Remote Denial of Service source: https://www.securityfocus.com/bid/10409/info A denial of service condition is reported to exist in the MollenSoft Lightweight FTP Server that may allow a remote user to deny service to legitimate FTP users. The vulnerability...

AI score 7.4
Exploits: 0