Max CVSS 10.0 Min CVSS 2.1 Total Count594
IDCVSSSummaryLast (major) updatePublished
CVE-2017-2877 None
A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults
19-09-2018 - 14:29 19-09-2018 - 14:29
CVE-2017-2876 None
An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwr
19-09-2018 - 14:29 19-09-2018 - 14:29
CVE-2017-2873 None
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
19-09-2018 - 14:29 19-09-2018 - 14:29
CVE-2017-2879 None
An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwri
19-09-2018 - 12:29 19-09-2018 - 12:29
CVE-2017-2878 None
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting a
19-09-2018 - 12:29 19-09-2018 - 12:29
CVE-2017-2875 None
An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwr
19-09-2018 - 12:29 19-09-2018 - 12:29
CVE-2017-2855 None
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to
19-09-2018 - 12:29 19-09-2018 - 12:29
CVE-2017-2872 None
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware u
17-09-2018 - 16:29 17-09-2018 - 16:29
CVE-2017-2857 None
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to
17-09-2018 - 16:29 17-09-2018 - 16:29
CVE-2017-2856 None
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to
17-09-2018 - 16:29 17-09-2018 - 16:29
CVE-2017-2854 None
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to
17-09-2018 - 16:29 17-09-2018 - 16:29
CVE-2017-2874 None
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive informati
17-09-2018 - 14:29 17-09-2018 - 14:29
CVE-2017-2777 None
An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerabi
17-09-2018 - 13:29 17-09-2018 - 13:29
CVE-2017-14443 None
An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the w
17-09-2018 - 13:29 17-09-2018 - 13:29
CVE-2016-9045 None
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter t
17-09-2018 - 11:29 17-09-2018 - 11:29
CVE-2018-3885 None
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attac
12-09-2018 - 10:29 12-09-2018 - 10:29
CVE-2018-3884 None
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL inject
12-09-2018 - 10:29 12-09-2018 - 10:29
CVE-2018-3883 None
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL
12-09-2018 - 10:29 12-09-2018 - 10:29
CVE-2018-3882 None
An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection at
12-09-2018 - 10:29 12-09-2018 - 10:29
CVE-2018-3875 None
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON
10-09-2018 - 15:29 10-09-2018 - 15:29
CVE-2016-9048 None
Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2018-3897 None
An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JS
10-09-2018 - 11:29 10-09-2018 - 11:29
CVE-2018-3896 None
An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JS
10-09-2018 - 11:29 10-09-2018 - 11:29
CVE-2016-9044 None
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to tri
07-09-2018 - 13:29 07-09-2018 - 13:29
CVE-2017-2795 None
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can s
07-09-2018 - 12:29 07-09-2018 - 12:29
CVE-2017-2792 None
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker
07-09-2018 - 12:29 07-09-2018 - 12:29
CVE-2018-4010 None
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the sy
07-09-2018 - 11:29 07-09-2018 - 11:29
CVE-2018-3952 None
An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.
07-09-2018 - 11:29 07-09-2018 - 11:29
CVE-2016-9040 None
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause
07-09-2018 - 08:29 07-09-2018 - 08:29
CVE-2018-3916 None
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer,
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2018-3908 None
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive reques
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-3895 None
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-3926 None
An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing
28-08-2018 - 13:29 28-08-2018 - 13:29
CVE-2018-3927 None
An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are
27-08-2018 - 11:29 27-08-2018 - 11:29
CVE-2018-3918 None
An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incor
27-08-2018 - 11:29 27-08-2018 - 11:29
CVE-2018-3904 None
An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlle
27-08-2018 - 11:29 27-08-2018 - 11:29
CVE-2018-3893 None
An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-contr
27-08-2018 - 11:29 27-08-2018 - 11:29
CVE-2018-3909 None
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requ
23-08-2018 - 20:29 23-08-2018 - 20:29
CVE-2018-3907 None
An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requ
23-08-2018 - 20:29 23-08-2018 - 20:29
CVE-2018-3866 None
An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlle
23-08-2018 - 19:29 23-08-2018 - 18:29
CVE-2018-3856 None
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system comman
23-08-2018 - 19:29 23-08-2018 - 18:29
CVE-2018-3911 None
An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote
23-08-2018 - 18:29 23-08-2018 - 18:29
CVE-2018-3880 None
An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles
23-08-2018 - 18:29 23-08-2018 - 18:29
CVE-2018-3872 None
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a us
23-08-2018 - 18:29 23-08-2018 - 18:29
CVE-2018-3912 None
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows th
23-08-2018 - 14:29 23-08-2018 - 14:29
CVE-2017-14452 None
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a globa
23-08-2018 - 14:29 23-08-2018 - 14:29
CVE-2018-3925 None
An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB c
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3919 None
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts t
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3917 None
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3905 None
An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3903 None
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to t
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3902 None
An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field fr
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3879 None
An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3878 None
Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3867 None
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3863 None
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to t
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2017-16337 None
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigge
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2017-14455 None
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTP
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2017-14453 None
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTP
23-08-2018 - 11:29 23-08-2018 - 11:29
CVE-2018-3833 None
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the
23-08-2018 - 10:29 23-08-2018 - 10:29
CVE-2018-3832 None
An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsig
23-08-2018 - 10:29 23-08-2018 - 10:29
CVE-2017-16348 None
An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vuln
23-08-2018 - 10:29 23-08-2018 - 10:29
CVE-2018-3938 None
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3937 None
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2017-16252 None
Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vu
06-08-2018 - 17:29 06-08-2018 - 17:29
CVE-2017-14447 None
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ov
06-08-2018 - 13:29 06-08-2018 - 13:29
CVE-2018-3834 None
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't c
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16349 None
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service.
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16347 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 b
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16346 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes lar
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16345 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes lar
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16344 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes lar
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16343 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16342 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16341 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16340 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes la
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16339 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-16338 None
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes larg
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-14446 None
An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker ca
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-14445 None
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2017-14444 None
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section.
02-08-2018 - 15:29 02-08-2018 - 15:29
CVE-2018-3939 None
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
01-08-2018 - 16:29 01-08-2018 - 16:29
CVE-2018-3924 None
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary c
01-08-2018 - 16:29 01-08-2018 - 16:29
CVE-2018-3881 None
An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in
01-08-2018 - 16:29 01-08-2018 - 16:29
CVE-2018-3847 None
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An att
01-08-2018 - 15:29 01-08-2018 - 15:29
CVE-2018-3923 None
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
01-08-2018 - 11:29 01-08-2018 - 11:29
CVE-2018-3922 None
A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver
01-08-2018 - 11:29 01-08-2018 - 11:29
CVE-2018-3921 None
A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver
01-08-2018 - 11:29 01-08-2018 - 11:29
CVE-2018-12815 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12812 10.0
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12756 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-3871 6.8
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliv
19-07-2018 - 15:29 19-07-2018 - 15:29
CVE-2018-3870 6.8
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliv
19-07-2018 - 15:29 19-07-2018 - 15:29
CVE-2018-3860 6.8
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can del
19-07-2018 - 15:29 19-07-2018 - 15:29
CVE-2018-3859 6.8
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can del
19-07-2018 - 15:29 19-07-2018 - 15:29
CVE-2018-3858 6.8
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a
19-07-2018 - 15:29 19-07-2018 - 15:29
CVE-2018-3857 6.8
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a
19-07-2018 - 15:29 19-07-2018 - 15:29
CVE-2018-3936 6.8
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-3933 6.8
An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-3932 6.8
An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-3931 6.8
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putS
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-3930 6.8
In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbge
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-3929 6.8
An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap cor
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-6965 5.5
VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information discl
09-07-2018 - 16:29 09-07-2018 - 16:29
CVE-2018-4996 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4947 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-3841 5.0
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use ca
26-06-2018 - 17:29 26-06-2018 - 17:29
CVE-2018-3840 5.0
A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated
26-06-2018 - 17:29 26-06-2018 - 17:29
CVE-2018-1655 2.1
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
22-06-2018 - 10:29 22-06-2018 - 10:29
CVE-2018-8210 7.2
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-3852 5.0
An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP pac
06-06-2018 - 17:29 06-06-2018 - 17:29
CVE-2018-3853 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary co
04-06-2018 - 16:29 04-06-2018 - 16:29
CVE-2017-12092 5.0
An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory
04-06-2018 - 16:29 04-06-2018 - 16:29
CVE-2016-9042 4.3
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate repl
04-06-2018 - 16:29 04-06-2018 - 16:29
CVE-2016-8390 6.8
An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bou
04-06-2018 - 15:29 04-06-2018 - 15:29
CVE-2017-2860 5.0
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can sen
01-06-2018 - 11:29 01-06-2018 - 11:29
CVE-2017-2858 5.0
An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a ma
01-06-2018 - 11:29 01-06-2018 - 11:29
CVE-2017-2852 5.0
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can sen
01-06-2018 - 11:29 01-06-2018 - 11:29
CVE-2017-2815 5.5
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web re
15-05-2018 - 13:29 15-05-2018 - 13:29
CVE-2017-14439 5.0
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vul
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14438 5.0
Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vul
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14437 5.0
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET re
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14436 5.0
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET re
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14435 5.0
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET re
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14434 9.0
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14433 9.0
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14432 9.0
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12129 2.9
An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12128 5.0
An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger th
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12127 2.1
A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device.
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12126 6.8
An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12125 9.0
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12124 5.0
An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12123 3.3
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12121 9.0
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-12120 9.0
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands i
14-05-2018 - 16:29 14-05-2018 - 16:29
CVE-2017-14481 10.0
In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command executi
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14480 10.0
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command executi
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14479 10.0
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command executi
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14478 10.0
In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14477 10.0
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14476 10.0
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14475 10.0
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution w
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2017-14474 10.0
In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges
09-05-2018 - 16:29 09-05-2018 - 16:29
CVE-2018-3855 6.8
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3851 6.8
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc doc
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3845 6.8
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3844 6.8
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.
26-04-2018 - 16:29 26-04-2018 - 16:29
CVE-2018-3836 7.2
An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a mali
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2924 6.8
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2923 6.8
An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2918 6.8
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execu
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2908 6.8
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code ex
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2907 6.8
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2906 6.8
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2905 6.8
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2904 6.8
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2903 6.8
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2902 6.8
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2901 6.8
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for cod
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2900 6.8
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2899 6.8
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2885 7.5
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable s
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2840 6.8
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2839 4.3
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2838 4.3
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2837 4.3
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2836 4.3
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condit
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2835 6.8
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromi
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2834 6.8
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compr
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2833 8.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2832 9.0
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2812 6.8
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2811 6.8
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2804 6.8
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2803 6.8
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the v
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-2802 6.8
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environme
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14450 5.8
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14449 6.8
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14448 6.8
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14442 6.8
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image t
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14441 6.8
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can di
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-14440 6.8
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12122 6.8
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12109 6.8
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12108 6.8
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can s
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12107 6.8
An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12105 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12104 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code exe
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12103 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12102 6.8
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12101 6.8
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12100 6.8
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for c
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12099 6.8
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can all
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12087 7.5
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12086 6.8
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow fo
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12082 6.8
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2017-12081 6.8
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for cod
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-9043 6.8
An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attac
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-9038 4.4
An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8732 4.6
Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of t
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8730 6.8
An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8729 6.8
An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8728 6.8
An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption lea
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8384 6.8
An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8383 6.8
An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide mal
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2016-8382 6.8
An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious d
24-04-2018 - 15:29 24-04-2018 - 15:29
CVE-2018-3850 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
23-04-2018 - 11:29 23-04-2018 - 11:29
CVE-2017-14458 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrar
23-04-2018 - 11:29 23-04-2018 - 11:29
CVE-2017-2825 6.8
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active
20-04-2018 - 17:29 20-04-2018 - 17:29
CVE-2018-3843 6.8
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can pote
19-04-2018 - 15:29 19-04-2018 - 15:29
CVE-2018-3842 6.8
An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker contr
19-04-2018 - 15:29 19-04-2018 - 15:29
CVE-2017-2871 5.8
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromis
17-04-2018 - 16:29 17-04-2018 - 16:29
CVE-2018-10169 10.0
ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly
16-04-2018 - 17:29 16-04-2018 - 17:29
CVE-2018-3849 6.8
In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c
16-04-2018 - 12:29 16-04-2018 - 12:29
CVE-2018-3848 6.8
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain c
16-04-2018 - 12:29 16-04-2018 - 12:29
CVE-2018-3846 6.8
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potent
16-04-2018 - 12:29 16-04-2018 - 12:29
CVE-2018-3889 6.8
A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3868 6.8
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3862 6.8
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3861 6.8
A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.
12-04-2018 - 15:29 12-04-2018 - 15:29
CVE-2018-3888 6.8
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
11-04-2018 - 16:29 11-04-2018 - 16:29
CVE-2018-3887 6.8
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
11-04-2018 - 16:29 11-04-2018 - 16:29
CVE-2018-3886 6.8
A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can de
11-04-2018 - 16:29 11-04-2018 - 16:29
CVE-2017-14459 10.0
An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject c
11-04-2018 - 12:29 11-04-2018 - 12:29
CVE-2018-3839 6.8
An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An atta
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-3838 4.3
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disclosure. An
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2018-3837 4.3
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disc
10-04-2018 - 17:29 10-04-2018 - 17:29
CVE-2017-2826 4.3
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in informat
09-04-2018 - 16:29 09-04-2018 - 16:29
CVE-2017-14473 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14472 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14471 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14470 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14469 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14468 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14467 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14466 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14465 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14464 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14463 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-14462 7.5
An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulti
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12093 5.0
An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resou
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12090 7.8
An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-s
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12089 7.8
An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-12088 7.8
An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of
05-04-2018 - 17:29 05-04-2018 - 17:29
CVE-2017-2869 7.5
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packe
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2868 7.5
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2867 7.5
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious pack
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2861 5.0
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An a
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-2853 7.5
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attack
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2017-12095 3.3
An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoo
05-04-2018 - 15:29 05-04-2018 - 15:29
CVE-2016-8717 10.0
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving at
02-04-2018 - 13:29 02-04-2018 - 13:29
CVE-2018-6253 4.9
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.
02-04-2018 - 12:29 02-04-2018 - 12:29
CVE-2018-6251 7.2
NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX 10 Usermode driver, where a specially crafted pixel shader can cause writing to unallocated memory, leading to denial of service or potential code execution.
02-04-2018 - 12:29 02-04-2018 - 12:29
CVE-2018-6957 3.5
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workst
15-03-2018 - 15:29 15-03-2018 - 15:29
CVE-2016-5875 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descr
11-03-2018 - 22:29 11-03-2018 - 22:29
CVE-2017-14461 5.5
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs t
02-03-2018 - 10:29 02-03-2018 - 10:29
CVE-2018-4901 6.8
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intende
27-02-2018 - 00:29 27-02-2018 - 00:29
CVE-2017-5133 6.8
Off-by-one read/write on the heap in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to corrupt memory and possibly leak information and potentiality execute code via a crafted PDF file.
07-02-2018 - 18:29 07-02-2018 - 18:29
CVE-2018-3835 6.8
An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verif
29-01-2018 - 15:29 29-01-2018 - 15:29
CVE-2017-12130 5.0
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs
19-01-2018 - 19:29 19-01-2018 - 19:29
CVE-2017-14460 5.1
An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-14457 6.4
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclo
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12119 5.0
An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vu
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12118 6.8
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12116 6.8
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authoriz
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12113 6.8
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizati
19-01-2018 - 18:29 19-01-2018 - 18:29
CVE-2017-12117 6.8
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12115 6.8
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authori
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12114 4.3
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12112 6.8
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorizatio
19-01-2018 - 17:29 19-01-2018 - 17:29
CVE-2017-12097 4.3
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript
19-01-2018 - 15:29 19-01-2018 - 15:29
CVE-2017-12098 4.3
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascri
19-01-2018 - 14:29 19-01-2018 - 14:29
CVE-2017-4941 6.0
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific se
20-12-2017 - 10:29 20-12-2017 - 10:29
CVE-2017-4933 6.0
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting
20-12-2017 - 10:29 20-12-2017 - 10:29
CVE-2017-2886 6.8
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a speci
11-12-2017 - 17:29 11-12-2017 - 17:29
CVE-2017-16367 9.3
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusio
09-12-2017 - 01:29 09-12-2017 - 01:29
CVE-2017-2919 6.8
An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to tr
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-2897 6.8
An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vu
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-2896 6.8
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-12111 6.8
An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-12110 6.8
An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.
20-11-2017 - 17:29 20-11-2017 - 17:29
CVE-2017-12608 6.8
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resu
20-11-2017 - 15:29 20-11-2017 - 15:29
CVE-2017-12607 6.8
A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary c
20-11-2017 - 14:29 20-11-2017 - 14:29
CVE-2017-9806 6.8
A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resu
20-11-2017 - 12:29 20-11-2017 - 12:29
CVE-2017-2922 7.5
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-fr
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2921 7.5
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of s
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2917 9.0
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerabili
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2916 9.0
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigge
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2915 7.7
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP re
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2914 6.8
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended admin
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2913 2.6
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2912 2.6
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacke
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2911 2.6
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2909 7.8
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet ove
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2898 8.5
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code e
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2895 6.4
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in informatio
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2894 7.5
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker ne
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2893 5.0
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker ne
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2892 7.5
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in informatio
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2891 7.5
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2890 9.0
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerab
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2889 7.8
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory an
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2884 7.8
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2883 9.3
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2882 6.8
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2881 5.8
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alte
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2866 9.0
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2865 7.9
An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to t
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2864 7.5
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication byp
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12096 6.1
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point r
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12094 6.1
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12085 7.5
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12084 6.0
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send a
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-12083 5.0
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response
07-11-2017 - 11:29 07-11-2017 - 11:29
CVE-2017-2888 6.8
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential
11-10-2017 - 14:29 11-10-2017 - 14:29
CVE-2017-2887 6.8
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a s
11-10-2017 - 14:29 11-10-2017 - 14:29
CVE-2017-2920 6.8
An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code executi
05-10-2017 - 15:29 05-10-2017 - 15:29
CVE-2017-2880 6.8
An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to tr
05-10-2017 - 15:29 05-10-2017 - 15:29
CVE-2017-12106 6.8
A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA fi
05-10-2017 - 15:29 05-10-2017 - 15:29
CVE-2017-2809 6.8
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigg
14-09-2017 - 15:29 14-09-2017 - 15:29
CVE-2017-2816 6.8
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX
13-09-2017 - 14:29 13-09-2017 - 14:29
CVE-2017-2870 6.8
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2862 6.8
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2822 6.8
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user cont
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2821 6.8
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2808 6.8
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a us
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2807 6.8
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-2779 6.8
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping
05-09-2017 - 14:29 05-09-2017 - 14:29
CVE-2017-11263 6.8
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encodi
11-08-2017 - 15:29 11-08-2017 - 15:29
CVE-2015-7871 7.5
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7854 6.5
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7853 7.5
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7852 4.3
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7850 4.0
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2015-7849 6.5
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2017-2863 6.8
An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigg
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2820 6.8
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resul
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2818 6.8
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacke
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2814 6.8
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to cod
12-07-2017 - 13:29 12-07-2017 - 13:29
CVE-2017-2851 6.0
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2850 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in tu
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2849 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command inject
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2848 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command in
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2847 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command in
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2846 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command in
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2845 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-2844 6.5
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An
29-06-2017 - 13:29 29-06-2017 - 13:29
CVE-2017-1105 3.6
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
27-06-2017 - 12:29 27-06-2017 - 12:29
CVE-2017-2843 7.5
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.
27-06-2017 - 11:29 27-06-2017 - 11:29
CVE-2017-2842 6.5
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution.
27-06-2017 - 11:29 27-06-2017 - 11:29
CVE-2017-2841 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the
27-06-2017 - 11:29 27-06-2017 - 11:29
CVE-2017-2782 6.4
An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation
22-06-2017 - 17:29 22-06-2017 - 17:29
CVE-2017-2781 7.5
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution.
22-06-2017 - 17:29 22-06-2017 - 17:29
CVE-2017-2780 7.5
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution.
22-06-2017 - 17:29 22-06-2017 - 17:29
CVE-2017-2813 6.8
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. V
21-06-2017 - 15:29 21-06-2017 - 15:29
CVE-2016-8731 7.5
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.
21-06-2017 - 15:29 21-06-2017 - 15:29
CVE-2017-2831 5.0
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting a
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2830 5.0
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting a
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2829 4.0
An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2828 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2827 6.5
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell chara
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2805 7.5
An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data o
21-06-2017 - 09:29 21-06-2017 - 09:29
CVE-2017-2810 7.5
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vu
14-06-2017 - 09:29 14-06-2017 - 09:29
CVE-2017-2824 6.8
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2823 6.8
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerab
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2819 6.8
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2817 6.8
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file t
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2801 7.5
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2800 7.5
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger th
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2799 6.8
An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker ca
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2798 6.8
An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An atta
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2017-2797 6.8
An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2017-2794 6.8
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2017-2793 6.8
An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An att
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2017-2783 6.8
An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code executio
23-05-2017 - 12:29 23-05-2017 - 12:29
CVE-2015-7848 5.0
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp.
11-05-2017 - 21:29 06-01-2017 - 16:59
CVE-2016-9311 7.1
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-9310 6.4
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7431 5.0
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7428 3.3
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7427 3.3
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2017-5033 4.3
Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a craft
28-04-2017 - 14:10 24-04-2017 - 19:59
CVE-2016-4293 6.8
Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file.
27-04-2017 - 15:52 20-04-2017 - 13:59
CVE-2017-2784 6.8
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause
26-04-2017 - 15:44 20-04-2017 - 14:59
CVE-2016-2347 6.8
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
26-04-2017 - 14:58 21-04-2017 - 16:59
CVE-2017-2806 4.3
An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versi
26-04-2017 - 13:19 20-04-2017 - 14:59
CVE-2016-8721 9.0
An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in comple
26-04-2017 - 09:27 20-04-2017 - 14:59
CVE-2016-8724 5.0
An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive informat
20-04-2017 - 09:46 13-04-2017 - 15:59
CVE-2016-8725 5.0
An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an
20-04-2017 - 09:44 13-04-2017 - 15:59
CVE-2015-8271 7.5
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.
20-04-2017 - 09:26 13-04-2017 - 10:59
CVE-2015-8270 5.0
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
20-04-2017 - 09:19 13-04-2017 - 10:59
CVE-2016-8719 4.3
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be
20-04-2017 - 09:00 12-04-2017 - 15:59
CVE-2016-8720 4.3
An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will
20-04-2017 - 08:58 13-04-2017 - 15:59
CVE-2016-8716 3.3
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password
20-04-2017 - 08:49 12-04-2017 - 15:59
CVE-2016-8718 6.8
An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the
20-04-2017 - 08:33 12-04-2017 - 15:59
CVE-2016-8722 5.0
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive in
20-04-2017 - 08:30 13-04-2017 - 15:59
CVE-2016-8712 4.3
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web applicati
20-04-2017 - 08:30 13-04-2017 - 15:59
CVE-2016-8723 7.8
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attack
20-04-2017 - 08:15 13-04-2017 - 15:59
CVE-2016-8726 7.8
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will
20-04-2017 - 08:13 13-04-2017 - 15:59
CVE-2015-8272 4.3
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
19-04-2017 - 15:36 13-04-2017 - 10:59
CVE-2016-2339 7.5
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially construct
07-04-2017 - 21:59 06-01-2017 - 16:59
CVE-2017-2419 5.0
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspeci
06-04-2017 - 14:13 01-04-2017 - 21:59
CVE-2017-2485 9.3
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Security" component. It allows remote attackers to
05-04-2017 - 19:51 01-04-2017 - 21:59
CVE-2017-2775 6.8
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as
05-04-2017 - 10:18 31-03-2017 - 14:59
CVE-2016-4323 5.8
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can prov
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2380 4.3
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get c
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2378 6.8
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfilte
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2377 6.8
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-lengt
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2376 6.8
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2375 5.0
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2374 6.8
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2373 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2372 4.9
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle attacker can send an invalid
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2371 6.8
An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could cause memory corruption resulting in code execution.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2370 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send inv
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2369 4.3
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starti
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2368 7.5
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2367 3.5
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious user, server, or man-in-the-middle can send an invalid size for
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2366 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or an attacker who intercepts the network t
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2365 4.3
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a null pointer dereference. A malicious server or an attacker who intercepts the netw
29-03-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8027 7.5
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or imper
23-03-2017 - 09:25 14-03-2017 - 18:59
CVE-2017-2788 10.0
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code exe
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-2787 9.3
A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code exe
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-2786 5.0
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial o
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-2785 10.0
An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code e
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2016-8714 6.8
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malic
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2016-8387 9.3
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checkin
02-03-2017 - 10:58 27-02-2017 - 16:59
CVE-2017-2790 7.5
When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results
02-03-2017 - 10:41 24-02-2017 - 17:59
CVE-2017-2789 7.5
When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose th
02-03-2017 - 10:39 24-02-2017 - 17:59
CVE-2017-2791 6.8
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in
02-03-2017 - 10:35 24-02-2017 - 17:59
CVE-2016-9053 7.5
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resu
01-03-2017 - 21:59 21-02-2017 - 17:59
CVE-2016-9051 7.5
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can l
01-03-2017 - 21:59 21-02-2017 - 17:59
CVE-2016-9049 5.0
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP
01-03-2017 - 21:59 21-02-2017 - 17:59
CVE-2016-8715 6.8
An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicio
01-03-2017 - 21:59 28-02-2017 - 10:59
CVE-2016-8389 9.3
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the appli
01-03-2017 - 21:59 28-02-2017 - 10:59
CVE-2016-8388 9.3
An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single obj
01-03-2017 - 21:59 28-02-2017 - 10:59
CVE-2016-8386 9.3
An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a
01-03-2017 - 21:59 27-02-2017 - 16:59
CVE-2016-8385 9.3
An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a
01-03-2017 - 21:59 27-02-2017 - 16:59
CVE-2017-2374 6.8
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application
28-02-2017 - 21:59 20-02-2017 - 03:59
CVE-2016-8713 6.8
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the vic
28-02-2017 - 21:59 10-02-2017 - 12:59
CVE-2016-8711 6.8
A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file
28-02-2017 - 21:59 10-02-2017 - 12:59
CVE-2016-8709 6.8
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a
28-02-2017 - 21:59 10-02-2017 - 12:59
CVE-2017-2372 6.8
An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of se
27-02-2017 - 21:59 20-02-2017 - 03:59
CVE-2016-1551 2.6
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the s
24-02-2017 - 14:07 27-01-2017 - 12:59
CVE-2015-7976 4.0
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
24-02-2017 - 14:00 30-01-2017 - 16:59
CVE-2017-0319 4.9
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
23-02-2017 - 14:07 15-02-2017 - 18:59
CVE-2005-3627 7.5
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components"
19-02-2017 - 00:09 31-12-2005 - 00:00
CVE-2016-1521 6.8
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary
16-02-2017 - 21:59 12-02-2016 - 21:59
CVE-2015-8138 5.0
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
09-02-2017 - 21:59 30-01-2017 - 16:59
CVE-2015-8140 5.8
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
08-02-2017 - 10:37 30-01-2017 - 16:59
CVE-2016-9039 4.9
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and nev
07-02-2017 - 16:31 31-01-2017 - 16:59
CVE-2015-7973 5.8
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
07-02-2017 - 10:24 30-01-2017 - 16:59
CVE-2015-8139 5.0
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
07-02-2017 - 10:23 30-01-2017 - 16:59
CVE-2015-7975 2.1
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
07-02-2017 - 10:22 30-01-2017 - 16:59
CVE-2015-8158 4.3
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
07-02-2017 - 10:18 30-01-2017 - 16:59
CVE-2015-7977 4.3
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.
07-02-2017 - 10:01 30-01-2017 - 16:59
CVE-2015-7978 5.0
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
07-02-2017 - 09:59 30-01-2017 - 16:59
CVE-2015-7979 5.0
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
07-02-2017 - 09:58 30-01-2017 - 16:59
CVE-2017-3293 7.5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker wi
31-01-2017 - 11:48 27-01-2017 - 17:59
CVE-2017-3271 7.5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker wi
31-01-2017 - 09:03 27-01-2017 - 17:59
CVE-2017-2971 9.3
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.
27-01-2017 - 21:59 24-01-2017 - 02:59
CVE-2016-9054 7.5
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_bin
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-9052 7.5
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname result
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-9050 6.4
An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process,
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-8710 6.8
An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote cod
27-01-2017 - 21:59 26-01-2017 - 16:59
CVE-2016-1515
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8789. Reason: This candidate is a reservation duplicate of CVE-2015-8789. Notes: All CVE users should reference CVE-2015-8789 instead of this candidate. All references and descr
19-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1514
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8790. Reason: This candidate is a reservation duplicate of CVE-2015-8790. Notes: All CVE users should reference CVE-2015-8790 instead of this candidate. All references and descr
19-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-8790 4.3
The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access.
19-01-2017 - 21:59 29-01-2016 - 14:59
CVE-2016-8706 6.8
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8705 7.5
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8704 7.5
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8334 4.3
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR.
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-5684 6.8
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a mali
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-5652 6.8
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a save
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4335 6.8
An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution.
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4329 2.1
A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KA
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4298 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can b
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4296 6.8
When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character i
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4295 6.8
When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data fo
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4294 6.8
When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, h
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4292 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, a
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4291 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4290 6.8
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-4132 9.3
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs
10-01-2017 - 21:59 16-06-2016 - 10:59
CVE-2016-3579 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-3576 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-3575 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-3574 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
10-01-2017 - 21:59 21-07-2016 - 06:14
CVE-2016-1550 5.0
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest k
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1549 4.0
A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1548 6.4
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c5
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-1547 5.0
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an exi
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-2868 10.0
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long REG request that ca
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2015-2867 10.0
A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system.
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-2336 7.5
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution.
10-01-2017 - 21:52 06-01-2017 - 16:59
CVE-2016-4336 7.5
An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow causing an out-of-bounds write which under the rig
10-01-2017 - 21:47 06-01-2017 - 16:59
CVE-2016-2337 7.5
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
10-01-2017 - 19:35 06-01-2017 - 16:59
CVE-2016-4288 7.2
A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges.
10-01-2017 - 11:21 06-01-2017 - 16:59
CVE-2016-5646 6.8
An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malforme
10-01-2017 - 10:45 06-01-2017 - 16:59
CVE-2016-4304 2.1
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in loca
10-01-2017 - 09:57 06-01-2017 - 16:59
CVE-2016-4305 2.1
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. A
10-01-2017 - 09:47 06-01-2017 - 16:59
CVE-2016-4306 2.1
Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out-of-bounds kernel memory, potentially leaking sensitive information such a
10-01-2017 - 09:44 06-01-2017 - 16:59
CVE-2016-4307 2.1
A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. A
10-01-2017 - 09:44 06-01-2017 - 16:59
CVE-2016-4301 6.8
Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.
04-01-2017 - 21:59 21-09-2016 - 10:25
CVE-2016-9036 5.0
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map1
30-12-2016 - 15:29 23-12-2016 - 17:59
CVE-2016-9037 7.8
An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used
30-12-2016 - 15:29 23-12-2016 - 17:59
CVE-2016-8707 6.8
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code ex
27-12-2016 - 21:59 23-12-2016 - 17:59
CVE-2015-3667 6.8
QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability t
27-12-2016 - 21:59 02-07-2015 - 21:59
CVE-2016-8823 7.2
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges
23-12-2016 - 21:59 16-12-2016 - 16:59
CVE-2015-5786 6.8
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785.
23-12-2016 - 21:59 24-08-2015 - 21:59
CVE-2016-5647 4.6
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape requ
22-12-2016 - 12:14 13-12-2016 - 13:59
CVE-2016-8733 7.2
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can cra
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9031 6.9
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can cra
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9032 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craf
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9033 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craf
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9034 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craf
22-12-2016 - 11:44 14-12-2016 - 12:59
CVE-2016-9035 6.9
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craf
22-12-2016 - 11:43 14-12-2016 - 12:59
CVE-2016-4300 6.8
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buf
21-12-2016 - 22:00 21-09-2016 - 10:25
CVE-2015-2506 9.3
atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to
21-12-2016 - 21:59 08-09-2015 - 20:59
CVE-2013-6487 7.5
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
21-12-2016 - 21:59 06-02-2014 - 12:00
CVE-2016-2334 9.3
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
16-12-2016 - 15:15 13-12-2016 - 17:59
CVE-2016-2335 6.8
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation D
14-12-2016 - 21:59 07-06-2016 - 10:06
CVE-2015-7117 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7090 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7089 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7088 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-7087 6.8
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088
07-12-2016 - 13:22 08-01-2016 - 21:59
CVE-2015-6031 6.8
Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversiz
07-12-2016 - 13:17 02-11-2015 - 14:59
CVE-2016-1567 6.8
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
05-12-2016 - 22:07 26-01-2016 - 14:59
CVE-2016-1523 4.3
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (mis
05-12-2016 - 22:06 12-02-2016 - 21:59
CVE-2016-1522 9.3
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based
05-12-2016 - 22:06 12-02-2016 - 21:59
CVE-2016-3455 9.0
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters.
02-12-2016 - 22:27 21-04-2016 - 07:00
CVE-2016-2796 6.8
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have u
02-12-2016 - 22:25 13-03-2016 - 14:59
CVE-2016-1743 9.3
The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-
02-12-2016 - 22:22 23-03-2016 - 21:59
CVE-2016-8331 6.8
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be trigge
02-12-2016 - 18:59 28-10-2016 - 16:59
CVE-2016-1850 6.8
SceneKit in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
02-12-2016 - 17:46 20-05-2016 - 07:00
CVE-2016-1541 6.8
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
30-11-2016 - 22:05 07-05-2016 - 06:59
CVE-2016-8339 7.5
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the
28-11-2016 - 15:40 28-10-2016 - 10:59
CVE-2016-8335 6.8
An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffe
28-11-2016 - 15:40 28-10-2016 - 16:59
CVE-2016-8333 6.8
An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can prov
28-11-2016 - 15:40 28-10-2016 - 16:59
CVE-2016-8332 6.8
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted
28-11-2016 - 15:40 28-10-2016 - 10:59
CVE-2016-5645 7.5
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leve
28-11-2016 - 15:28 23-08-2016 - 22:00
CVE-2016-5308 7.1
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Por
28-11-2016 - 15:24 11-07-2016 - 22:00
CVE-2016-4637 6.8
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
28-11-2016 - 15:20 21-07-2016 - 22:59
CVE-2016-4631 6.8
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4630 6.8
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4629 10.0
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.
28-11-2016 - 15:19 21-07-2016 - 22:59
CVE-2016-4333 6.9
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loo
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-4332 6.9
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will wr
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-4331 6.9
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-4330 6.9
In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.
28-11-2016 - 15:17 18-11-2016 - 15:59
CVE-2016-3596 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3595 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3594 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3593 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3591 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3590 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3583 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3582 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3581 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3580 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3577 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
28-11-2016 - 15:11 21-07-2016 - 06:14
CVE-2016-3369 7.8
Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial of service via unspecified vectors, aka "Windows Denial of Service Vulnerability."
28-11-2016 - 15:08 14-09-2016 - 06:59
CVE-2016-3319 9.3
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."
28-11-2016 - 15:08 09-08-2016 - 17:59
CVE-2016-1681 6.8
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a cra
28-11-2016 - 15:01 05-06-2016 - 19:59
CVE-2016-1513 6.8
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
28-11-2016 - 14:59 05-08-2016 - 10:59
CVE-2016-0241 6.5
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP.
28-11-2016 - 14:52 21-10-2016 - 23:59
CVE-2015-7974 2.1
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
28-11-2016 - 14:45 26-01-2016 - 14:59
CVE-2015-3792 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3791 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3790 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3789 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 20:00
CVE-2015-3788 6.8
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-201
28-11-2016 - 14:26 16-08-2015 - 19:59
CVE-2015-2869 5.0
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a
28-11-2016 - 14:21 21-07-2015 - 11:59
CVE-2016-4302 6.8
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
06-10-2016 - 21:59 21-09-2016 - 10:25
CVE-2016-3592 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
06-10-2016 - 21:59 21-07-2016 - 06:14
CVE-2016-3578 9.0
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different
06-10-2016 - 21:59 21-07-2016 - 06:14
CVE-2016-4957 5.0
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
05-10-2016 - 11:25 04-07-2016 - 21:59
CVE-2016-4303 7.5
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based b
28-09-2016 - 11:28 26-09-2016 - 10:59
CVE-2016-0301 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-20
28-07-2016 - 16:11 26-06-2016 - 10:59
CVE-2016-0279 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-20
28-07-2016 - 16:10 26-06-2016 - 10:59
CVE-2016-0278 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-20
28-07-2016 - 16:09 26-06-2016 - 10:59
CVE-2016-0277 6.8
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-20
28-07-2016 - 16:09 26-06-2016 - 10:59
CVE-2016-4324 6.8
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens.
12-07-2016 - 13:56 08-07-2016 - 15:59
CVE-2015-6114 4.3
Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165.
09-12-2015 - 13:08 09-12-2015 - 06:59
CVE-2014-4115 7.2
fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proximate attackers to execute arbitrary code or cause a d
30-10-2015 - 13:24 15-10-2014 - 06:55
CVE-2014-3697 6.4
Absolute path traversal vulnerability in the untar_block function in win32/untar.c in Pidgin before 2.10.10 on Windows allows remote attackers to write to arbitrary files via a drive name in a tar archive of a smiley theme.
19-11-2014 - 21:59 29-10-2014 - 06:55
CVE-2014-3696 5.0
nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.
19-11-2014 - 21:59 29-10-2014 - 06:55
CVE-2014-3695 5.0
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.
19-11-2014 - 21:59 29-10-2014 - 06:55
CVE-2013-6486 9.3
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerabilit
16-03-2014 - 00:42 06-02-2014 - 11:10
CVE-2013-6490 10.0
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
08-03-2014 - 00:11 06-02-2014 - 12:00
CVE-2013-6489 5.0
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow.
08-03-2014 - 00:11 06-02-2014 - 12:00
CVE-2009-2408 6.8
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certif
22-10-2012 - 23:08 30-07-2009 - 15:30
Back to Top Mark selected
Back to Top