UBUNTU-CVE-2017-5937

The utilformatispureuint function in vrendrenderer.c in Virgil 3d project aka virglrenderer 0.6.0 and earlier allows local guest OS users to cause a denial of service NULL pointer dereference via a crafted VIRGLCCMDCLEAR command...

CVE-2016-2984

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program...

CVE-2016-2984

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program...

Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System IPICS could allow an authenticated, local attacker to elevate the privilege level associated with their session. The vulnerability is due to insufficient input validation. An attacker could...

Command injection

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN...

CVE-2016-7089

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN...

The vulnerability of the automated system for managing technological processes, SIMATIC WinCC, allows authorized users to elevate their privileges.

The vulnerability of Siemens SIMATIC WinCC software relates to errors that occur when processing a specially crafted command on the database server. Exploiting this vulnerability allows authorized users to elevate their privileges within the database...

The vulnerability of the PHP interpreter allows attackers to execute arbitrary operating system commands.

The vulnerability of the escapeshellarg function ext/standard/exec.c in the PHP interpreter exists because measures to neutralize the special elements used in operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system...

CVE-2016-4477

wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...

The vulnerability of the IBM Tivoli Storage Manager FastBack data management software allows a hacker to execute arbitrary code.

The vulnerability of the IBM Tivoli Storage Manager FastBack data management server arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code using a specially crafted command...

CVE-2015-8521

Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522...

Buffer overflow

Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522...

CVE-2015-8521

Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522...

CVE-2015-4276

Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138...

CVE-2014-7288

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...

CVE-2014-3153

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification...

UBUNTU-CVE-2012-6647

The futexwaitrequeuepi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted...

CVE-2014-0741

The certificate-import feature in the Certificate Authority Proxy Function CAPF CLI implementation in Cisco Unified Communications Manager Unified CM 10.01 and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461...

Directory traversal

Directory traversal vulnerability in filesys in Cisco NX-OS 6.12 and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCty07270, CSCty07271, CSCty07273, and CSCty07275...

Integer overflow

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1 REQSUBNETSACCESSED or 2 REQCLIENTACCESSES command request to the PKLCommandLength function or crafted 3 RPYSUBNETSACCESSED, 4 RPYCLIENTACCESSES, 5...