Filtered by CWE-88
Filtered by vendor Subscriptions
Total 252 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-11022 1 Amazon 2 Fire Os, Kindle Fire Hd 2024-11-21 N/A
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash.
CVE-2018-11021 1 Amazon 2 Fire Os, Kindle Fire Hd 2024-11-21 N/A
kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash.
CVE-2018-11020 1 Amazon 2 Fire Os, Kindle Fire Hd 2024-11-21 N/A
kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash.
CVE-2018-11019 1 Amazon 2 Fire Os, Kindle Fire Hd 2024-11-21 N/A
kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash.
CVE-2018-10992 1 Lilypond 1 Lilypond 2024-11-21 N/A
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.
CVE-2018-1000632 5 Debian, Dom4j Project, Netapp and 2 more 17 Debian Linux, Dom4j, Oncommand Workflow Automation and 14 more 2024-11-21 7.5 High
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
CVE-2017-18266 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Xdg-utils 2024-11-21 N/A
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVE-2017-16005 1 Joyent 1 Http-signature 2024-11-21 N/A
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature.
CVE-2017-15694 1 Apache 1 Geode 2024-11-21 N/A
When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster.
CVE-2017-14591 1 Atlassian 2 Crucible, Fisheye 2024-11-21 N/A
Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
CVE-2017-1001003 1 Mathjs Project 1 Mathjs 2024-11-21 N/A
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.
CVE-2017-1000189 1 Ejs 1 Ejs 2024-11-21 N/A
nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()
CVE-2016-7966 4 Debian, Fedoraproject, Kde and 1 more 4 Debian Linux, Fedora, Kmail and 1 more 2024-11-21 N/A
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
CVE-2016-4477 1 Google 1 Android 2024-11-21 N/A
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command.
CVE-2016-4476 2 Canonical, W1.fi 3 Ubuntu Linux, Hostapd, Wpa Supplicant 2024-11-21 7.5 High
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
CVE-2016-10517 1 Redislabs 1 Redis 2024-11-21 N/A
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
CVE-2016-10033 3 Joomla, Phpmailer Project, Wordpress 3 Joomla\!, Phpmailer, Wordpress 2024-11-21 9.8 Critical
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVE-2016-1000222 1 Elastic 1 Logstash 2024-11-21 N/A
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
CVE-2015-9097 1 Mail Project 1 Mail 2024-11-21 N/A
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
CVE-2015-9096 1 Ruby-lang 1 Ruby 2024-11-21 N/A
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.