Filtered by CWE-138
Filtered by vendor Subscriptions
Total 40 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-1000360 1 Opendaylight 1 Opendaylight 2024-11-21 N/A
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
CVE-2017-1000359 1 Opendaylight 1 Opendaylight 2024-11-21 N/A
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
CVE-2017-0902 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more 2024-11-21 N/A
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
CVE-2017-0901 4 Canonical, Debian, Redhat and 1 more 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more 2024-11-21 N/A
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
CVE-2017-0900 3 Debian, Redhat, Rubygems 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 N/A
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.
CVE-2017-0899 3 Debian, Redhat, Rubygems 10 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 7 more 2024-11-21 N/A
RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.
CVE-2017-0368 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2024-11-21 N/A
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2016-1248 3 Debian, Redhat, Vim 3 Debian Linux, Enterprise Linux, Vim 2024-11-21 N/A
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
CVE-2016-10745 2 Palletsprojects, Redhat 9 Jinja, Enterprise Linux, Rhel Aus and 6 more 2024-11-21 N/A
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2016-0750 2 Infinispan, Redhat 3 Infinispan, Jboss Data Grid, Jboss Single Sign On 2024-11-21 N/A
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
CVE-2015-5234 3 Fedoraproject, Opensuse, Redhat 8 Fedora, Opensuse, Enterprise Linux and 5 more 2024-11-21 N/A
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.
CVE-2015-5186 1 Linux Audit Project 1 Linux Audit 2024-11-21 N/A
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
CVE-2015-3245 1 Redhat 2 Enterprise Linux, Libuser 2024-11-21 N/A
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
CVE-2014-4650 2 Python, Redhat 4 Python, Enterprise Linux, Rhel Software Collections and 1 more 2024-11-21 9.8 Critical
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
CVE-2014-2972 1 Exim 1 Exim 2024-11-21 N/A
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
CVE-2014-2532 3 Openbsd, Oracle, Redhat 3 Openssh, Communications User Data Repository, Enterprise Linux 2024-11-21 N/A
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
CVE-2013-1968 5 Apache, Canonical, Collabnet and 2 more 5 Subversion, Ubuntu Linux, Subversion and 2 more 2024-11-21 N/A
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVE-2012-2694 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 5 1, Openshift, 1.1 and 2 more 2024-11-21 N/A
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660.
CVE-2024-51500 1 Meshtastic 1 Firmware 2024-11-05 5.3 Medium
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could result in unexpected behavior and potential for DDoS attacks on the network. A malicious actor could craft a packet to be from that address which would result in an amplification of this one message into every node on the network sending multiple messages. Such an attack could result in degraded network performance for all users as the available bandwidth is consumed. This issue has been addressed in release version 2.5.6. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-38133 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2024-10-16 7.8 High
Windows Kernel Elevation of Privilege Vulnerability