Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4356 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. | |||||
| CVE-2016-4355 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||||
| CVE-2016-4354 | 2 Canonical, Libksba Project | 2 Ubuntu Linux, Libksba | 2019-11-29 | 5.0 MEDIUM | 7.5 HIGH |
| ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | |||||
| CVE-2019-0151 | 1 Intel | 888 Core I5-5300u, Core I5-5300u Firmware, Core I5-5350u and 885 more | 2019-11-27 | 7.2 HIGH | 6.7 MEDIUM |
| Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0152 | 1 Intel | 260 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 257 more | 2019-11-27 | 7.2 HIGH | 6.7 MEDIUM |
| Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-2295 | 1 Qualcomm | 64 Apq8009, Apq8009 Firmware, Apq8017 and 61 more | 2019-11-25 | 2.1 LOW | 5.5 MEDIUM |
| Information disclosure due to lack of address range check done on the SysDBG buffers in SDI code. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, MDM9205, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2018-19130 | 1 Libav | 1 Libav | 2019-11-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127. | |||||
| CVE-2015-3166 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2019-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | |||||
| CVE-2009-5047 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jetty 6.x through 6.1.22 suffers from an escape sequence injection vulnerability from an attack vector by means of: 1) "Cookie Dump Servlet" and 2) Http Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The attack vector in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a consonant string (string including only letters). | |||||
| CVE-2018-20855 | 3 Linux, Netapp, Opensuse | 6 Linux Kernel, Active Iq Performance Analytics Services, Active Iq Unified Manager and 3 more | 2019-11-20 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | |||||
| CVE-2013-7087 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2019-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| ClamAV before 0.97.7 has WWPack corrupt heap memory | |||||
| CVE-2019-16707 | 1 Hunspell Project | 1 Hunspell | 2019-11-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | |||||
| CVE-2017-5731 | 1 Tianocore | 1 Edk2 | 2019-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2019-1441 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-11-14 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | |||||
| CVE-2006-6684 | 1 Pedro Lineu Orso | 1 Chetcpasswd | 2019-11-13 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2017-12912 | 1 Mp3gain | 1 Mp3gain | 2019-11-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | |||||
| CVE-2019-2324 | 1 Qualcomm | 66 Mdm9150, Mdm9150 Firmware, Mdm9206 and 63 more | 2019-11-08 | 10.0 HIGH | 9.8 CRITICAL |
| When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary access in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDX20, SDX24 | |||||
| CVE-2016-3077 | 1 Redhat | 1 Ovirt-engine | 2019-11-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | |||||
| CVE-2017-5332 | 5 Canonical, Debian, Icoutils Project and 2 more | 11 Ubuntu Linux, Debian Linux, Icoutils and 8 more | 2019-11-06 | 6.8 MEDIUM | 7.8 HIGH |
| The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable. | |||||
| CVE-2013-2739 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2019-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| MiniDLNA has heap-based buffer overflow | |||||
| CVE-2018-18309 | 1 Gnu | 1 Binutils | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking. | |||||
| CVE-2018-17359 | 1 Gnu | 1 Binutils | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | |||||
| CVE-2018-17358 | 1 Gnu | 1 Binutils | 2019-10-31 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file. | |||||
| CVE-2018-12152 | 1 Intel | 1 Graphics Driver | 2019-10-30 | 4.6 MEDIUM | 7.8 HIGH |
| Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access. | |||||
| CVE-2017-14742 | 1 Labf | 1 Nfsaxe | 2019-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | |||||
| CVE-2014-1912 | 2 Apple, Python | 2 Mac Os X, Python | 2019-10-25 | 7.5 HIGH | N/A |
| Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | |||||
| CVE-2010-2089 | 1 Python | 1 Python | 2019-10-25 | 5.0 MEDIUM | N/A |
| The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | |||||
| CVE-2015-8220 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2019-10-22 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. | |||||
| CVE-2019-15247 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15248 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15249 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15250 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15251 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15252 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15240 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15241 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15242 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15244 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15243 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15245 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2019-15246 | 1 Cisco | 4 Spa112, Spa112 Firmware, Spa122 and 1 more | 2019-10-18 | 5.2 MEDIUM | 8.0 HIGH |
| Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit these vulnerabilities by authenticating to the web-based management interface and sending crafted requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges. Note: The web-based management interface is enabled by default. | |||||
| CVE-2017-9052 | 1 Libdwarf Project | 1 Libdwarf | 2019-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list(). | |||||
| CVE-2019-14569 | 1 Intel | 10 Nuc 8 Mainstream Game Kit, Nuc 8 Mainstream Game Kit Firmware, Nuc 8 Mainstream Game Mini Computer and 7 more | 2019-10-17 | 4.6 MEDIUM | 7.8 HIGH |
| Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2017-14328 | 1 Extremenetworks | 1 Extremexos | 2019-10-17 | 7.8 HIGH | 7.5 HIGH |
| Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. | |||||
| CVE-2018-21027 | 1 Boa | 1 Boa | 2019-10-17 | 7.5 HIGH | 9.8 CRITICAL |
| Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled. | |||||
| CVE-2015-5040 | 1 Ibm | 1 Domino | 2019-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994. | |||||
| CVE-2015-4994 | 1 Ibm | 1 Domino | 2019-10-16 | 7.5 HIGH | N/A |
| Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040. | |||||
| CVE-2015-1902 | 1 Ibm | 1 Domino | 2019-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. | |||||
| CVE-2016-0301 | 1 Ibm | 1 Domino | 2019-10-16 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279. | |||||
| CVE-2015-1903 | 1 Ibm | 1 Domino | 2019-10-16 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. | |||||