54 matches found

OSV
added 2024/05/22 7:15 a.m., 1 view

DEBIAN-CVE-2021-47442

In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_in_send_sdd_req() 'skb' is allocated in digital_in_send_sdd_req(), but not free when digital_in_send_cmd() failed, which will cause memory leak. Fix it by freeing 'skb' if digital_in_send_cmd() return...

CVSS 5.5, AI score 5.1, EPSS 0.00012
Exploits 0, References 1
OSV
added 2018/08/21 11:29 p.m., 1 view

CVE-2018-15667

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...

CVSS 7.5, AI score 5.9, EPSS 0.00232
Exploits 0, References 1
Gentoo Linux
added 2018/01/07 12:0 a.m., 40 views

Back In Time: Command injection

Background: A simple backup tool for Linux, inspired by “flyback project”. Description: ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact: A...

CVSS 9.3, AI score 7.9, EPSS 0.00435
Exploits 0
UbuntuCve
added 2017/11/08 6:29 p.m., 14 views

CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

CVSS 9.3, AI score 7.2, EPSS 0.00435
Exploits 0, References 3
Prion
added 2017/11/08 6:29 p.m., 13 views

Input validation

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

CVSS 9.3, AI score 7.5, EPSS 0.00435
Exploits 0, References 4, Affected Software 1
Cvelist
added 2017/11/08 6:0 p.m., 21 views

CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

AI score 7.5, EPSS 0.00435
Exploits 0, References 4
OSV
added 2015/12/16 9:59 p.m., 1 view

DEBIAN-CVE-2015-8476

Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different...

CVSS 5, AI score 8.2, EPSS 0.00948
Exploits 0, References 1
NVD
added 2013/03/08 9:55 p.m., 16 views

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVSS 4.3, AI score 6.4, EPSS 0.01488
Exploits 0, References 17
Cvelist
added 2013/03/08 9:0 p.m., 14 views

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

AI score 9.2, EPSS 0.01488
Exploits 0, References 17
UbuntuCve
added 2011/05/02 12:0 a.m., 21 views

CVE-2011-1828

usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command...

CVSS 2.1, AI score 5.9, EPSS 0.00063
Exploits 0, References 2
OSV
added 2006/06/28 1:45 a.m., 2 views

DEBIAN-CVE-2006-2200

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibl...

CVSS 5.1, AI score 8.2, EPSS 0.03547
Exploits 0, References 1
Prion
added 2006/06/28 1:45 a.m., 13 views

Stack overflow

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibl...

CVSS 5.1, AI score 8.2, EPSS 0.03547
Exploits 0, References 18, Affected Software 2
securityvulns
added 2006/01/20 12:0 a.m., 59 views

tftpd32 TFTP server format string vulnerability

SEND and GET TFTP commands format string bug...

AI score 1.6
Exploits 0, References 1, Affected Software 1
Cvelist
added 2005/04/09 4:0 a.m., 24 views

CVE-2005-1020

Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a sen...

AI score 6.6, EPSS 0.0158
Exploits 0, References 8