Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12705 | 1 Advantech | 1 Webop | 2017-11-14 | 4.6 MEDIUM | 7.8 HIGH |
| A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. | |||||
| CVE-2016-4736 | 1 Apple | 1 Mac Os X | 2017-11-14 | 9.3 HIGH | 8.8 HIGH |
| libarchive in Apple OS X before 10.12 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2016-1246 | 3 Dbd-mysql Project, Debian, Perl | 3 Dbd-mysql, Debian Linux, Perl | 2017-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message. | |||||
| CVE-2017-16357 | 1 Radare | 1 Radare2 | 2017-11-13 | 6.8 MEDIUM | 7.8 HIGH |
| In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. | |||||
| CVE-2017-13140 | 1 Imagemagick | 1 Imagemagick | 2017-11-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. | |||||
| CVE-2014-9449 | 2 Exiv2, Fedoraproject | 2 Exiv2, Fedora | 2017-11-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file. | |||||
| CVE-2011-5174 | 1 Intel | 20 3450 Chipset, 5500 Chipset, 5520 Chipset and 17 more | 2017-11-10 | 7.2 HIGH | N/A |
| Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors. | |||||
| CVE-2015-4422 | 1 Huawei | 2 Mate 7, Mate 7 Firmware | 2017-11-08 | 7.6 HIGH | 7.0 HIGH |
| The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application. | |||||
| CVE-2017-15650 | 1 Musl-libc | 1 Musl | 2017-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. | |||||
| CVE-2017-9530 | 1 Irfanview | 2 Irfanview, Tools | 2017-11-08 | 4.4 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000150." | |||||
| CVE-2017-6273 | 1 Nvidia | 2 Adsp Firmware, Tegra Jetson L4t | 2017-11-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-1000249 | 1 File Project | 1 File | 2017-11-08 | 2.1 LOW | 5.5 MEDIUM |
| An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). | |||||
| CVE-2015-1572 | 3 Canonical, Debian, E2fsprogs Project | 3 Ubuntu Linux, Debian Linux, E2fsprogs | 2017-11-08 | 4.6 MEDIUM | N/A |
| Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247. | |||||
| CVE-2017-11721 | 1 Ioquake3 | 1 Ioquake3 | 2017-11-08 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet. | |||||
| CVE-2013-5680 | 1 Lee Howard | 1 Hylafax\+ | 2017-11-08 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command. | |||||
| CVE-2015-4421 | 1 Huawei | 2 Mate 7, Mate 7 Firmware | 2017-11-07 | 7.6 HIGH | 7.5 HIGH |
| The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input. | |||||
| CVE-2014-9474 | 1 Mpfr | 1 Gnu Mpfr | 2017-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. | |||||
| CVE-2017-9372 | 1 Digium | 2 Certified Asterisk, Open Source | 2017-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | |||||
| CVE-2016-4333 | 1 Hdfgroup | 1 Hdf5 | 2017-11-04 | 6.9 MEDIUM | 8.6 HIGH |
| The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it. | |||||
| CVE-2017-14540 | 1 Irfanview | 1 Irfanview | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." | |||||