映射到 CWE-134 的搜索结果 (173)

CVE-2014-8170(发布:2017-09-25 21:29:00)NM
CVSS9.0

[原文]ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.

CVE-2017-0898(发布:2017-09-15 15:29:00)NMPS
CVSS6.4

[原文]Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.

CVE-2016-1895(发布:2017-09-01 17:29:00)NM
CVSS4.0

[原文]NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.

CVE-2017-12588(发布:2017-08-06 10:29:00)N
CVSS7.5

[原文]The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.

CVE-2016-4864(发布:2017-05-12 14:29:00)NM
CVSS5.0

[原文]H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.

CVE-2015-8107(发布:2017-04-13 10:59:00)NMS
CVSS6.8

[原文]Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

12345678下一页尾页 第1页 / 共29页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站