Total
12126 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2325 | 1 Juniper | 1 Northstar Controller | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | |||||
| CVE-2017-7187 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. | |||||
| CVE-2017-6956 | 1 Broadcom | 2 Hardmac Wi-fi Soc, Hardmac Wi-fi Soc Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). | |||||
| CVE-2016-9933 | 2 Libgd, Php | 2 Libgd, Php | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. | |||||
| CVE-2013-7459 | 2 Dlitz, Fedoraproject | 2 Pycrypto, Fedora | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | |||||
| CVE-2017-6416 | 1 Flexense | 1 Sysgauge | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. | |||||
| CVE-2017-0138 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-02-04 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | |||||
| CVE-2017-6891 | 1 Gnu | 1 Gnutls Libtasn1 | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | |||||
| CVE-2016-8686 | 1 Potrace Project | 1 Potrace | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |||||
| CVE-2017-6949 | 1 Call-cc | 1 Chicken | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow. | |||||
| CVE-2016-8685 | 1 Potrace Project | 1 Potrace | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. | |||||
| CVE-2017-7585 | 1 Libsndfile Project | 1 Libsndfile | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | |||||
| CVE-2016-7081 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2024-02-04 | 6.9 MEDIUM | 7.8 HIGH |
| Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2017-6986 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-9635 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. | |||||
| CVE-2016-7933 | 1 Tcpdump | 1 Tcpdump | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). | |||||
| CVE-2016-7446 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317. | |||||
| CVE-2016-7286 | 1 Microsoft | 1 Edge | 2024-02-04 | 7.6 HIGH | 7.5 HIGH |
| The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. | |||||
| CVE-2017-5886 | 1 Podofo Project | 1 Podofo | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | |||||
| CVE-2016-8790 | 1 Huawei | 10 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 7 more | 2024-02-04 | 5.5 MEDIUM | 5.7 MEDIUM |
| Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could allow the attacker to exploit a buffer overflow vulnerability by sending crafted packets to the affected system to cause a main control board reboot. | |||||