Search
Total
782 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5950 | 1 Yaml-cpp Project | 1 Yaml-cpp | 2017-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | |||||
| CVE-2016-8774 | 1 Huawei | 8 Mate 8, Mate 8 Firmware, Mate S and 5 more | 2017-04-11 | 7.2 HIGH | 6.7 MEDIUM |
| The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366; and P9 phones with software Versions before EVA-AL10C00B190, Versions before EVA-DL10C00B190, Versions before EVA-TL10C00B190, Versions before EVA-CL10C00B190 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | |||||
| CVE-2016-8802 | 1 Huawei | 6 Secospace Usg6300, Secospace Usg6300 Firmware, Secospace Usg6500 and 3 more | 2017-04-05 | 6.8 MEDIUM | 6.5 MEDIUM |
| The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. | |||||
| CVE-2016-8775 | 1 Huawei | 8 Nem-al10, Nem-al10 Firmware, Nem-l21 and 5 more | 2017-04-05 | 7.2 HIGH | 6.7 MEDIUM |
| Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code, related to a buffer overflow. | |||||
| CVE-2017-5238 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2017-03-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. | |||||
| CVE-2017-7275 | 1 Imagemagick | 1 Imagemagick | 2017-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. | |||||
| CVE-2016-9264 | 1 Libming | 1 Libming | 2017-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | |||||
| CVE-2016-9011 | 1 Wvware | 1 Libwmf | 2017-03-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. | |||||
| CVE-2016-9556 | 3 Debian, Imagemagick, Opensuse Project | 3 Debian Linux, Imagemagick, Leap | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | |||||
| CVE-2016-10046 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | |||||
| CVE-2014-9840 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | |||||
| CVE-2014-9836 | 1 Imagemagick | 1 Imagemagick | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | |||||
| CVE-2015-4049 | 1 Unisys | 1 Mcp-firmware | 2017-03-14 | 5.6 MEDIUM | 6.8 MEDIUM |
| Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption. | |||||
| CVE-2015-4408 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2017-03-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. | |||||
| CVE-2015-4409 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2017-03-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. | |||||
| CVE-2015-4407 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2017-03-14 | 6.8 MEDIUM | 6.5 MEDIUM |
| Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. | |||||
| CVE-2017-6596 | 1 Partclone Project | 1 Partclone | 2017-03-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application. | |||||
| CVE-2016-8971 | 1 Ibm | 1 Websphere Mq | 2017-03-09 | 6.8 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663. | |||||
| CVE-2016-10040 | 1 Qt | 1 Qxmlsimplereader | 2017-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags. | |||||
| CVE-2016-9823 | 1 Libav | 1 Libav | 2017-03-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2016-9773 | 1 Imagemagick | 1 Imagemagick | 2017-02-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556. | |||||
| CVE-2016-9827 | 1 Libming | 1 Libming | 2017-02-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. | |||||
| CVE-2016-6832 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. | |||||
| CVE-2016-1907 | 1 Openbsd | 1 Openssh | 2017-02-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | |||||
| CVE-2016-10154 | 1 Linux | 1 Linux Kernel | 2017-02-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist. | |||||
| CVE-2016-8685 | 1 Potrace Project | 1 Potrace | 2017-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image. | |||||
| CVE-2017-5217 | 1 Samsung | 1 Samsung Mobile | 2017-01-11 | 7.1 HIGH | 5.5 MEDIUM |
| Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917. | |||||
| CVE-2017-5216 | 1 Netop | 1 Remote Control | 2017-01-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744. | |||||
| CVE-2016-8658 | 1 Linux | 1 Linux Kernel | 2017-01-07 | 5.6 MEDIUM | 6.1 MEDIUM |
| Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket. | |||||
| CVE-2016-8104 | 1 Intel | 1 Proset\/wireless Software And Drivers | 2016-12-27 | 2.1 LOW | 5.5 MEDIUM |
| Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service. | |||||
| CVE-2016-6363 | 1 Cisco | 1 Aironet Access Point Software | 2016-12-12 | 6.1 MEDIUM | 6.5 MEDIUM |
| The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.11 frames, aka Bug ID CSCva06192. | |||||
| CVE-2016-9799 | 1 Bluez | 1 Bluez | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | |||||
| CVE-2016-9801 | 1 Bluez | 1 Bluez | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file. | |||||
| CVE-2016-9800 | 1 Bluez | 1 Bluez | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter. | |||||
| CVE-2016-9804 | 1 Bluez | 1 Bluez | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
| CVE-2016-9803 | 1 Bluez | 1 Bluez | 2016-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed. | |||||
| CVE-2015-8726 | 1 Wireshark | 1 Wireshark | 2016-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file. | |||||
| CVE-2015-8725 | 1 Wireshark | 1 Wireshark | 2016-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv6 prefix length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | |||||
| CVE-2015-8723 | 1 Wireshark | 1 Wireshark | 2016-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | |||||
| CVE-2015-8713 | 1 Wireshark | 1 Wireshark | 2016-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet. | |||||
| CVE-2015-7117 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092. | |||||
| CVE-2015-7089 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7090 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7091 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7087 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7088 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7092 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117. | |||||
| CVE-2015-7085 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7086 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2016-2213 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data. | |||||