Max CVSS 10.0 Min CVSS 2.1 Total Count475
IDCVSSSummaryLast (major) updatePublished
CVE-2017-2815 None
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web re
15-05-2018 - 13:29 15-05-2018 - 13:29
CVE-2017-14439 None
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vul
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14438 None
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vul
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14437 None
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET re
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14436 None
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET re
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14435 None
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET re
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14434 None
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14433 None
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14432 None
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12129 None
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12128 None
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger th
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12127 None
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12126 None
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12125 None
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12124 None
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12123 None
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12121 None
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12120 None
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands i
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14481 None
In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command executi
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14480 None
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command executi
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14479 None
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command executi
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14478 None
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14477 None
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14476 None
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14475 None
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution w
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14474 None
In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2018-3855 None
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3851 None
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc doc
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3845 None
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3844 None
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3836 None
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a mali
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2924 None
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2923 None
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2918 None
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execu
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2908 None
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code ex
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2907 None
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2906 None
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2905 None
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2904 None
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2903 None
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2902 None
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2901 None
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for cod
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2900 None
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2899 None
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2885 None
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2840 None
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2839 None
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2838 None
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2837 None
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2836 None
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condit
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2835 None
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromi
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2834 None
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compr
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2833 None
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2832 None
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2812 None
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2811 None
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2804 None
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2803 None
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the v
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2802 None
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environme
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14450 None
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14449 None
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14448 None
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14442 None
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image t
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14441 None
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can di
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14440 None
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12122 None
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12109 None
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12108 None
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can s
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12107 None
An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12105 None
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12104 None
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code exe
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12103 None
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12102 None
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12101 None
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12100 None
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for c
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12099 None
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can all
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12087 None
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12086 None
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow fo
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12082 None
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12081 None
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for cod
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-9043 None
An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-9038 None
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8732 None
Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of t
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8730 None
An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8729 None
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8728 None
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption lea
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8384 None
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8383 None
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide mal
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8382 None
An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious d
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2018-3850 None
An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
23-04-2018 - 11:29 23-04-2018 - 11:29
CVE-2017-14458 None
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrar
23-04-2018 - 11:29 23-04-2018 - 11:29
CVE-2017-2825 None
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-3843 None
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can pote
19-04-2018 - 15:29 19-04-2018 - 15:29
CVE-2018-3842 None
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker contr
19-04-2018 - 15:29 19-04-2018 - 15:29
CVE-2017-2871 None
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromis
17-04-2018 - 16:29 17-04-2018 - 16:29
CVE-2018-3849 None
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c
16-04-2018 - 12:29 16-04-2018 - 12:29
CVE-2018-3848 None
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c
16-04-2018 - 12:29 16-04-2018 - 12:29
CVE-2018-3846 None
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potent
16-04-2018 - 12:29 16-04-2018 - 12:29
CVE-2018-3889 6.8
A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3868 6.8
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3862 6.8
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3861 6.8
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3888 6.8
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
11-04-2018 - 16:29 11-04-2018 - 16:29
CVE-2018-3887 6.8
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
11-04-2018 - 16:29 11-04-2018 - 16:29
CVE-2018-3886 6.8
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
11-04-2018 - 16:29 11-04-2018 - 16:29
CVE-2017-14459 None
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject c
11-04-2018 - 12:29 11-04-2018 - 12:29
CVE-2018-3839 None
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An atta
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-3838 None
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-3837 None
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disc
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2017-2826 4.3
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in informat
09-04-2018 - 16:29 09-04-2018 - 16:29
CVE-2017-14473 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14472 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14471 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14470 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14469 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14468 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14467 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14466 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14465 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14464 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14463 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14462 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12093 5.0
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resou
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12090 7.8
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-s
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12089 7.8
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12088 7.8
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-2869 7.5
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packe
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2868 7.5
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2867 7.5
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious pack
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2861 5.0
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An a
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2853 7.5
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attack
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-12095 3.3
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoo
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2016-8717 10.0
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving at
02-04-2018 - 13:29 02-04-2018 - 13:29
CVE-2018-6253 4.9
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.
02-04-2018 - 12:29 02-04-2018 - 12:29
CVE-2018-6251 7.2
NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution.
02-04-2018 - 12:29 02-04-2018 - 12:29
CVE-2018-6957 3.5
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workst
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2016-5875 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descr
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2017-14461 5.5
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs t
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2018-4901 6.8
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intende
27-02-2018 - 00:29 27-02-2018 - 00:29
CVE-2017-5133 6.8
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentiality execute code via a crafted PDF file.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2018-3835 6.8
An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verif
29-01-2018 - 15:29 29-01-2018 - 15:29
CVE-2017-12130 5.0
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-14460 5.1
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-14457 6.4
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclo
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12119 5.0
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vu
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12118 6.8
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12116 6.8
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authoriz
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12113 6.8
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizati
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12117 6.8
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12115 6.8
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authori
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12114 4.3
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12112 6.8
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizatio
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12097 4.3
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript
19-01-2018 - 15:29 19-01-2018 - 15:29
CVE-2017-12098 4.3
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascri
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-4941 6.0
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific se
20-12-2017 - 10:29 20-12-2017 - 10:29
CVE-2017-4933 6.0
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting
20-12-2017 - 10:29 20-12-2017 - 10:29
CVE-2017-2886 6.8
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a speci
11-12-2017 - 17:29 11-12-2017 - 17:29
CVE-2017-16367 9.3
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusio
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-2919 6.8
An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to tr
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-2897 6.8
An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vu
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-2896 6.8
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-12111 6.8
An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-12110 6.8
An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-12608 6.8
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resu
20-11-2017 - 15:29 20-11-2017 - 15:29
CVE-2017-12607 6.8
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary c
20-11-2017 - 14:29 20-11-2017 - 14:29
CVE-2017-9806 6.8
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resu
20-11-2017 - 12:29 20-11-2017 - 12:29
CVE-2017-2922 7.5
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-fr
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2921 7.5
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of s
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2917 9.0
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerabili
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2916 9.0
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigge
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2915 7.7
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP re
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2914 6.8
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended admin
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2913 2.6
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2912 2.6
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacke
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2911 2.6
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2909 7.8
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet ove
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2898 8.5
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code e
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2895 6.4
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in informatio
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2894 7.5
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker ne
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2893 5.0
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker ne
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2892 7.5
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in informatio
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2891 7.5
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2890 9.0
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerab
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2889 7.8
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory an
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2884 7.8
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2883 9.3
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2882 6.8
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2881 5.8
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alte
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2866 9.0
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2865 7.9
An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to t
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2864 7.5
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication byp
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12096 6.1
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point r
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12094 6.1
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12085 7.5
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12084 6.0
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send a
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12083 5.0
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2888 6.8
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential
11-10-2017 - 14:29 11-10-2017 - 14:29
CVE-2017-2887 6.8
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a s
11-10-2017 - 14:29 11-10-2017 - 14:29
CVE-2017-2920 6.8
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code executi
05-10-2017 - 15:29 05-10-2017 - 15:29
CVE-2017-2880 6.8
An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to tr
05-10-2017 - 15:29 05-10-2017 - 15:29
CVE-2017-12106 6.8
A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA fi
05-10-2017 - 15:29 05-10-2017 - 15:29
CVE-2017-2809 6.8
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigg
14-09-2017 - 15:29 14-09-2017 - 15:29
CVE-2017-2816 6.8
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX
13-09-2017 - 14:29 13-09-2017 - 14:29
CVE-2017-2870 6.8
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2862 6.8
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2822 6.8
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2821 6.8
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2808 6.8
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a us
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2807 6.8
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2779 6.8
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-11263 6.8
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encodi
11-08-2017 - 15:29 11-08-2017 - 15:29
CVE-2015-7871 7.5
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7854 6.5
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7853 7.5
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7852 4.3
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7850 4.0
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7849 6.5
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2017-2863 6.8
An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigg
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2820 6.8
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resul
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2818 6.8
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacke
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2814 6.8
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to cod
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2851 6.0
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2850 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in tu
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2849 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command inject
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2848 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command in
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2847 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command in
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2846 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command in
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2845 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2844 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-1105 3.6
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
27-06-2017 - 12:29 27-06-2017 - 12:29
CVE-2017-2843 7.5
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.
27-06-2017 - 11:29 27-06-2017 - 11:29
CVE-2017-2842 6.5
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.
27-06-2017 - 11:29 27-06-2017 - 11:29
CVE-2017-2841 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the
27-06-2017 - 11:29 27-06-2017 - 11:29
CVE-2017-2782 6.4
An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation
22-06-2017 - 17:29 22-06-2017 - 17:29
CVE-2017-2781 7.5
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution.
22-06-2017 - 17:29 22-06-2017 - 17:29
CVE-2017-2780 7.5
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution.
22-06-2017 - 17:29 22-06-2017 - 17:29
CVE-2017-2813 6.8
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. V
21-06-2017 - 15:29 21-06-2017 - 15:29
CVE-2016-8731 7.5
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.
21-06-2017 - 15:29 21-06-2017 - 15:29
CVE-2017-2831 5.0
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting a
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2830 5.0
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting a
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2829 4.0
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2828 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2827 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2805 7.5
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data o
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2810 7.5
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vu
14-06-2017 - 09:29 14-06-2017 - 09:29
CVE-2017-2824 6.8
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2823 6.8
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerab
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2819 6.8
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2817 6.8
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file t
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2801 7.5
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2800 7.5
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger th
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2799 6.8
An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker ca
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2798 6.8
An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An atta
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2797 6.8
An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2017-2794 6.8
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2017-2793 6.8
An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An att
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2017-2783 6.8
An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code executio
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2015-7848 5.0
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp.
11-05-2017 - 21:29 06-01-2017 - 16:59
CVE-2016-9311 7.1
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-9310 6.4
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7431 5.0
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7428 3.3
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7427 3.3
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2017-5033 4.3
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a craft
28-04-2017 - 14:10 24-04-2017 - 19:59
CVE-2016-4293 6.8
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.
27-04-2017 - 15:52 20-04-2017 - 13:59
CVE-2017-2784 6.8
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause
26-04-2017 - 15:44 20-04-2017 - 14:59
CVE-2016-2347 6.8
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
26-04-2017 - 14:58 21-04-2017 - 16:59
CVE-2017-2806 4.3
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi
26-04-2017 - 13:19 20-04-2017 - 14:59
CVE-2016-8721 9.0
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in comple
26-04-2017 - 09:27 20-04-2017 - 14:59
CVE-2016-8724 5.0
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive informat
20-04-2017 - 09:46 13-04-2017 - 15:59
CVE-2016-8725 5.0
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an
20-04-2017 - 09:44 13-04-2017 - 15:59
CVE-2015-8271 7.5
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.
20-04-2017 - 09:26 13-04-2017 - 10:59
CVE-2015-8270 5.0
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
20-04-2017 - 09:19 13-04-2017 - 10:59
CVE-2016-8719 4.3
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be
20-04-2017 - 09:00 12-04-2017 - 15:59
CVE-2016-8720 4.3
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will
20-04-2017 - 08:58 13-04-2017 - 15:59
CVE-2016-8716 3.3
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password
20-04-2017 - 08:49 12-04-2017 - 15:59
CVE-2016-8718 6.8
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the
20-04-2017 - 08:33 12-04-2017 - 15:59
CVE-2016-8722 5.0
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive in
20-04-2017 - 08:30 13-04-2017 - 15:59
CVE-2016-8712 4.3
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web applicati
20-04-2017 - 08:30 13-04-2017 - 15:59
CVE-2016-8723 7.8
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attack
20-04-2017 - 08:15 13-04-2017 - 15:59
CVE-2016-8726 7.8
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will
20-04-2017 - 08:13 13-04-2017 - 15:59
CVE-2015-8272 4.3
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
19-04-2017 - 15:36 13-04-2017 - 10:59
CVE-2016-2339 7.5
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially construct
07-04-2017 - 21:59 06-01-2017 - 16:59
CVE-2017-2419 5.0
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspeci
06-04-2017 - 14:13 01-04-2017 - 21:59
CVE-2017-2485 9.3
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to
05-04-2017 - 19:51 01-04-2017 - 21:59
CVE-2017-2775 6.8
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as
05-04-2017 - 10:18 31-03-2017 - 14:59
CVE-2016-4323 5.8
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can prov
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2380 4.3
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get c
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2378 6.8
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfilte
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2377 6.8
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-lengt
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2376 6.8
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2375 5.0
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2374 6.8
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2373 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2372 4.9
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2371 6.8
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2370 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send inv
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2369 4.3
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starti
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2368 7.5
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2367 3.5
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2366 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network t
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2365 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the netw
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8027 7.5
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or imper
23-03-2017 - 09:25 14-03-2017 - 18:59
CVE-2017-2788 10.0
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code exe
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-2787 9.3
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code exe
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-2786 5.0
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial o
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-2785 10.0
An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code e
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2016-8714 6.8
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malic
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2016-8387 9.3
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checkin
02-03-2017 - 10:58 27-02-2017 - 16:59
CVE-2017-2790 7.5
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results
02-03-2017 - 10:41 24-02-2017 - 17:59
CVE-2017-2789 7.5
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose th
02-03-2017 - 10:39 24-02-2017 - 17:59
CVE-2017-2791 6.8
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in
02-03-2017 - 10:35 24-02-2017 - 17:59
CVE-2016-9053 7.5
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resu
01-03-2017 - 21:59 21-02-2017 - 17:59
CVE-2016-9051 7.5
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can l
01-03-2017 - 21:59 21-02-2017 - 17:59
CVE-2016-9049 5.0
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP
01-03-2017 - 21:59 21-02-2017 - 17:59
CVE-2016-8715 6.8
An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicio
01-03-2017 - 21:59 28-02-2017 - 10:59
CVE-2016-8389 9.3
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the appli
01-03-2017 - 21:59 28-02-2017 - 10:59
CVE-2016-8388 9.3
An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single obj
01-03-2017 - 21:59 28-02-2017 - 10:59
CVE-2016-8386 9.3
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a
01-03-2017 - 21:59 27-02-2017 - 16:59
CVE-2016-8385 9.3
An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a
01-03-2017 - 21:59 27-02-2017 - 16:59
CVE-2017-2374 6.8
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application
28-02-2017 - 21:59 20-02-2017 - 03:59
CVE-2016-8713 6.8
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the vic
28-02-2017 - 21:59 10-02-2017 - 12:59
CVE-2016-8711 6.8
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file
28-02-2017 - 21:59 10-02-2017 - 12:59
CVE-2016-8709 6.8
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a
28-02-2017 - 21:59 10-02-2017 - 12:59
CVE-2017-2372 6.8
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of se
27-02-2017 - 21:59 20-02-2017 - 03:59
CVE-2016-1551 2.6
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the s
24-02-2017 - 14:07 27-01-2017 - 12:59
CVE-2015-7976 4.0
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
24-02-2017 - 14:00 30-01-2017 - 16:59
CVE-2017-0319 4.9
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
23-02-2017 - 14:07 15-02-2017 - 18:59
CVE-2005-3627 7.5
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components"
19-02-2017 - 00:09 31-12-2005 - 00:00
CVE-2016-1521 6.8
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary
16-02-2017 - 21:59 12-02-2016 - 21:59
CVE-2015-8138 5.0
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
09-02-2017 - 21:59 30-01-2017 - 16:59
CVE-2015-8140 5.8
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
08-02-2017 - 10:37 30-01-2017 - 16:59
CVE-2016-9039 4.9
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and nev
07-02-2017 - 16:31 31-01-2017 - 16:59
CVE-2015-7973 5.8
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
07-02-2017 - 10:24 30-01-2017 - 16:59
CVE-2015-8139 5.0
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
07-02-2017 - 10:23 30-01-2017 - 16:59
CVE-2015-7975 2.1
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
07-02-2017 - 10:22 30-01-2017 - 16:59
CVE-2015-8158 4.3
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
07-02-2017 - 10:18 30-01-2017 - 16:59
CVE-2015-7977 4.3
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
07-02-2017 - 10:01 30-01-2017 - 16:59
CVE-2015-7978 5.0
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
07-02-2017 - 09:59 30-01-2017 - 16:59
CVE-2015-7979 5.0
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
07-02-2017 - 09:58 30-01-2017 - 16:59
CVE-2017-3293 7.5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker wi
31-01-2017 - 11:48 27-01-2017 - 17:59
CVE-2017-3271 7.5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker wi
31-01-2017 - 09:03 27-01-2017 - 17:59
CVE-2017-2971 9.3
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.
27-01-2017 - 21:59 24-01-2017 - 02:59
CVE-2016-9054 7.5
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_bin
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-9052 7.5
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname result
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-9050 6.4
An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process,
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-8710 6.8
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote cod
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-1515
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8789. Reason: This candidate is a reservation duplicate of CVE-2015-8789. Notes: All CVE users should reference CVE-2015-8789 instead of this candidate. All references and descr
19-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1514
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8790. Reason: This candidate is a reservation duplicate of CVE-2015-8790. Notes: All CVE users should reference CVE-2015-8790 instead of this candidate. All references and descr
19-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-8790 4.3
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
19-01-2017 - 21:59 29-01-2016 - 14:59
CVE-2016-8706 6.8
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8705 7.5
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8704 7.5
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8334 4.3
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-5684 6.8
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a mali
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-5652 6.8
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a save
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4335 6.8
An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4329 2.1
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KA
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4298 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can b
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4296 6.8
When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character i
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4295 6.8
When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data fo
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4294 6.8
When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, h
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4292 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, a
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4291 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4290 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4132 9.3
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs
10-01-2017 - 21:59 16-06-2016 - 10:59
CVE-2016-3579 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-3576 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-3575 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-3574 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-1550 5.0
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest k
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1549 4.0
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1548 6.4
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c5
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1547 5.0
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an exi
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-2868 10.0
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that ca
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-2867 10.0
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2336 7.5
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
10-01-2017 - 21:52 06-01-2017 - 16:59
CVE-2016-4336 7.5
An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the rig
10-01-2017 - 21:47 06-01-2017 - 16:59
CVE-2016-2337 7.5
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
10-01-2017 - 19:35 06-01-2017 - 16:59
CVE-2016-4288 7.2
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges.
10-01-2017 - 11:21 06-01-2017 - 16:59
CVE-2016-5646 6.8
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malforme
10-01-2017 - 10:45 06-01-2017 - 16:59
CVE-2016-4304 2.1
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in loca
10-01-2017 - 09:57 06-01-2017 - 16:59
CVE-2016-4305 2.1
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. A
10-01-2017 - 09:47 06-01-2017 - 16:59
CVE-2016-4306 2.1
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such a
10-01-2017 - 09:44 06-01-2017 - 16:59
CVE-2016-4307 2.1
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. A
10-01-2017 - 09:44 06-01-2017 - 16:59
CVE-2016-4301 6.8
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
04-01-2017 - 21:59 21-09-2016 - 10:25
CVE-2016-9036 5.0
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map1
30-12-2016 - 15:29 23-12-2016 - 17:59
CVE-2016-9037 7.8
An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used
30-12-2016 - 15:29 23-12-2016 - 17:59
CVE-2016-8707 6.8
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code ex
27-12-2016 - 21:59 23-12-2016 - 17:59
CVE-2015-3667 6.8
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability t
27-12-2016 - 21:59 02-07-2015 - 21:59
CVE-2016-8823 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges
23-12-2016 - 21:59 16-12-2016 - 16:59
CVE-2015-5786 6.8
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.
23-12-2016 - 21:59 24-08-2015 - 21:59
CVE-2016-5647 4.6
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape requ
22-12-2016 - 12:14 13-12-2016 - 13:59
CVE-2016-8733 7.2
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can cra
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9031 6.9
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can cra
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9032 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craf
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9033 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craf
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9034 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craf
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9035 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craf
22-12-2016 - 11:43 14-12-2016 - 12:59
CVE-2016-4300 6.8
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buf
21-12-2016 - 22:00 21-09-2016 - 10:25
CVE-2015-2506 9.3
atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2013-6487 7.5
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
21-12-2016 - 21:59 06-02-2014 - 12:00
CVE-2016-2334 9.3
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
16-12-2016 - 15:15 13-12-2016 - 17:59
CVE-2016-2335 6.8
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation D
14-12-2016 - 21:59 07-06-2016 - 10:06
CVE-2015-7117 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7090 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7089 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7088 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7087 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-6031 6.8
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversiz
07-12-2016 - 13:17 02-11-2015 - 14:59
CVE-2016-1567 6.8
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
05-12-2016 - 22:07 26-01-2016 - 14:59
CVE-2016-1523 4.3
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (mis
05-12-2016 - 22:06 12-02-2016 - 21:59
CVE-2016-1522 9.3
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based
05-12-2016 - 22:06 12-02-2016 - 21:59
CVE-2016-3455 9.0
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters.
02-12-2016 - 22:27 21-04-2016 - 07:00
CVE-2016-2796 6.8
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have u
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-1743 9.3
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-8331 6.8
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be trigge
02-12-2016 - 18:59 28-10-2016 - 16:59
CVE-2016-1850 6.8
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
02-12-2016 - 17:46 20-05-2016 - 07:00
CVE-2016-1541 6.8
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
30-11-2016 - 22:05 07-05-2016 - 06:59
CVE-2016-8339 7.5
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the
28-11-2016 - 15:40 28-10-2016 - 10:59
CVE-2016-8335 6.8
An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffe
28-11-2016 - 15:40 28-10-2016 - 16:59
CVE-2016-8333 6.8
An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can prov
28-11-2016 - 15:40 28-10-2016 - 16:59
CVE-2016-8332 6.8
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted
28-11-2016 - 15:40 28-10-2016 - 10:59
CVE-2016-5645 7.5
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leve
28-11-2016 - 15:28 23-08-2016 - 22:00
CVE-2016-5308 7.1
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Por
28-11-2016 - 15:24 11-07-2016 - 22:00
CVE-2016-4637 6.8
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
28-11-2016 - 15:20 21-07-2016 - 22:59
CVE-2016-4631 6.8
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4630 6.8
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4629 10.0
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4333 6.9
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loo
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-4332 6.9
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will wr
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-4331 6.9
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-4330 6.9
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-3596 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3595 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3594 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3593 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3591 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3590 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3583 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3582 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3581 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3580 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3577 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3369 7.8
Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3319 9.3
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
28-11-2016 - 15:08 09-08-2016 - 17:59
CVE-2016-1681 6.8
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a cra
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1513 6.8
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
28-11-2016 - 14:59 05-08-2016 - 10:59
CVE-2016-0241 6.5
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
28-11-2016 - 14:52 21-10-2016 - 23:59
CVE-2015-7974 2.1
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
28-11-2016 - 14:45 26-01-2016 - 14:59
CVE-2015-3792 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3791 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3790 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3789 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3788 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-2869 5.0
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a
28-11-2016 - 14:21 21-07-2015 - 11:59
CVE-2016-4302 6.8
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
06-10-2016 - 21:59 21-09-2016 - 10:25
CVE-2016-3592 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
06-10-2016 - 21:59 21-07-2016 - 06:14
CVE-2016-3578 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
06-10-2016 - 21:59 21-07-2016 - 06:14
CVE-2016-4957 5.0
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
05-10-2016 - 11:25 04-07-2016 - 21:59
CVE-2016-4303 7.5
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based b
28-09-2016 - 11:28 26-09-2016 - 10:59
CVE-2016-0301 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-20
28-07-2016 - 16:11 26-06-2016 - 10:59
CVE-2016-0279 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-20
28-07-2016 - 16:10 26-06-2016 - 10:59
CVE-2016-0278 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-20
28-07-2016 - 16:09 26-06-2016 - 10:59
CVE-2016-0277 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-20
28-07-2016 - 16:09 26-06-2016 - 10:59
CVE-2016-4324 6.8
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
12-07-2016 - 13:56 08-07-2016 - 15:59
CVE-2015-6114 4.3
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165.
09-12-2015 - 13:08 09-12-2015 - 06:59
CVE-2014-4115 7.2
fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a d
30-10-2015 - 13:24 15-10-2014 - 06:55
CVE-2014-3697 6.4
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
19-11-2014 - 21:59 29-10-2014 - 06:55
CVE-2014-3696 5.0
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
19-11-2014 - 21:59 29-10-2014 - 06:55
CVE-2014-3695 5.0
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
19-11-2014 - 21:59 29-10-2014 - 06:55
CVE-2013-6486 9.3
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerabilit
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6490 10.0
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
08-03-2014 - 00:11 06-02-2014 - 12:00
CVE-2013-6489 5.0
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
08-03-2014 - 00:11 06-02-2014 - 12:00
CVE-2009-2408 6.8
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certif
22-10-2012 - 23:08 30-07-2009 - 15:30
Back to Top Mark selected
Back to Top