Filtered by CWE-242

Search

Switch to Advanced Search (Beta)
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-0904 1 Private Address Check Project 1 Private Address Check 2025-04-20 N/A
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
CVE-2024-52324 2 Ruijie, Ruijienetworks 2 Reyee Os, Reyee Os 2024-12-10 9.8 Critical
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.
CVE-2022-36310 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 8.8 High
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.
CVE-2021-42543 1 Azeotech 1 Daqfactory 2024-11-21 7.8 High
The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.
CVE-2021-40698 1 Adobe 1 Coldfusion 2024-11-21 7.4 High
ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass  . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.
CVE-2017-1002157 1 Redhat 1 Modulemd 2024-11-21 9.8 Critical
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.