Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5240 | 1 Rapid7 | 1 Appspider Pro | 2017-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. | |||||
| CVE-2017-8419 | 1 Lame Project | 1 Lame | 2017-05-16 | 6.8 MEDIUM | 7.8 HIGH |
| LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. | |||||
| CVE-2017-2113 | 1 Iodata | 14 Ts-ptcam, Ts-ptcam\/poe, Ts-ptcam\/poe Firmware and 11 more | 2017-05-10 | 8.3 HIGH | 8.8 HIGH |
| Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-8289 | 1 Riot Project | 1 Riot | 2017-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address. | |||||
| CVE-2017-8305 | 1 13thmonkey | 1 Udfclient | 2017-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy. | |||||
| CVE-2015-8957 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. | |||||
| CVE-2016-8030 | 1 Mcafee | 1 Virusscan Enterprise | 2017-05-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link. | |||||
| CVE-2017-2155 | 1 I.con Corporation | 1 Hoozin Viewer | 2017-05-06 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. | |||||
| CVE-2017-2142 | 1 Iodata | 2 Wn-g300r3, Wn-g300r3 Firmware | 2017-05-05 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-7720 | 1 Privatetunnel | 1 Privatetunnel | 2017-05-03 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password. | |||||
| CVE-2016-3076 | 1 Python | 1 Pillow | 2017-04-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | |||||
| CVE-2011-3428 | 1 Apple | 1 Quicktime | 2017-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | |||||
| CVE-2017-8070 | 1 Linux | 1 Linux Kernel | 2017-04-28 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2011-3438 | 1 Apple | 1 Safari | 2017-04-28 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution. | |||||
| CVE-2016-4293 | 1 Hancom | 1 Hancom Office 2014 | 2017-04-27 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | |||||
| CVE-2007-6761 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 4.6 MEDIUM | 7.8 HIGH |
| drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. | |||||
| CVE-2017-8061 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8066 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-8069 | 1 Linux | 1 Linux Kernel | 2017-04-27 | 7.2 HIGH | 7.8 HIGH |
| drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2015-1521 | 1 Bro | 1 Bro | 2017-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet. | |||||