Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12370 | 1 Cisco | 1 Webex Meetings | 2019-10-09 | 6.8 MEDIUM | 9.6 CRITICAL |
| A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850. | |||||
| CVE-2017-12260 | 1 Cisco | 16 Spa 501g, Spa 501g Firmware, Spa 502g and 13 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986. | |||||
| CVE-2017-12267 | 1 Cisco | 2 Virtual Wide Area Application Services, Wide Area Application Services | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457. | |||||
| CVE-2017-12270 | 1 Cisco | 1 Ios Xr | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388. | |||||
| CVE-2017-12259 | 1 Cisco | 2 Small Business Ip Phone, Small Business Ip Phone Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982. | |||||
| CVE-2017-12240 | 1 Cisco | 1 Ios | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959. | |||||
| CVE-2017-12280 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842. | |||||
| CVE-2017-12282 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2019-10-09 | 5.7 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779. | |||||
| CVE-2017-12293 | 1 Cisco | 1 Webex Meetings Server | 2019-10-09 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this vulnerability by opening multiple connections to the server and exhausting server resources. A successful exploit could cause the server to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf41006. | |||||
| CVE-2017-12283 | 1 Cisco | 4 Aironet 3800 Firmware, Aironet 3800e, Aironet 3800i and 1 more | 2019-10-09 | 2.9 LOW | 6.1 MEDIUM |
| A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627. | |||||
| CVE-2016-9597 | 5 Canonical, Debian, Hp and 2 more | 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. | |||||
| CVE-2016-9577 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. | |||||
| CVE-2016-9601 | 2 Artifex, Debian | 3 Gpl Ghostscript, Jbig2dec, Debian Linux | 2019-10-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript. | |||||
| CVE-2016-8654 | 3 Debian, Jasper Project, Redhat | 7 Debian Linux, Jasper, Enterprise Linux Desktop and 4 more | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected. | |||||
| CVE-2016-6559 | 1 Freebsd | 1 Freebsd | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37. | |||||
| CVE-2016-6563 | 1 Dlink | 18 Dir-818l\(w\), Dir-818l\(w\) Firmware, Dir-822 and 15 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. | |||||
| CVE-2016-5800 | 1 Fatek | 2 Automation Fv Designer, Automation Pm Designer V3 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. | |||||
| CVE-2016-2123 | 1 Samba | 1 Samba | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. | |||||
| CVE-2016-10518 | 1 Ws Project | 1 Ws | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes. | |||||
| CVE-2016-10523 | 1 Mqtt-packet Project | 1 Mqtt-packet | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth. | |||||
| CVE-2015-6458 | 1 Moxa | 1 Softcms | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | |||||
| CVE-2015-6457 | 1 Moxa | 1 Softcms | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | |||||
| CVE-2015-2110 | 1 Hp | 1 Loadrunner | 2019-10-09 | 10.0 HIGH | N/A |
| Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-1007 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2019-10-09 | 9.3 HIGH | 7.8 HIGH |
| A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
| CVE-2015-1006 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
| CVE-2014-8184 | 1 Liblouis | 1 Liblouis | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened. | |||||
| CVE-2014-9187 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9189 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9709 | 5 Canonical, Debian, Libgd and 2 more | 5 Ubuntu Linux, Debian Linux, Libgd and 2 more | 2019-10-09 | 5.0 MEDIUM | N/A |
| The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. | |||||
| CVE-2012-3278 | 1 Hp | 1 Diagnostics Server | 2019-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in magentservice.exe in HP Diagnostics Server 8.x through 8.07 and 9.x through 9.21 allows remote attackers to execute arbitrary code via a malformed message packet. | |||||
| CVE-2012-3274 | 1 Hp | 1 Intelligent Management Center | 2019-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data. | |||||
| CVE-2011-4167 | 1 Hp | 1 Managed Printing Administration | 2019-10-09 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp. | |||||
| CVE-2011-1851 | 1 Hp | 1 Intelligent Management Center | 2019-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field. | |||||
| CVE-2011-1850 | 1 Hp | 1 Intelligent Management Center | 2019-10-09 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action. | |||||
| CVE-2010-4113 | 1 Hp | 1 Power Manager | 2019-10-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server. | |||||
| CVE-2010-3637 | 2 Adobe, Microsoft | 2 Flash Player, Windows | 2019-10-09 | 9.3 HIGH | N/A |
| An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 (Flash10h.ocx) on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FLV video. | |||||
| CVE-2008-5359 | 1 Sun | 3 Jdk, Jre, Sdk | 2019-10-09 | 9.3 HIGH | N/A |
| Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. | |||||
| CVE-2008-4562 | 1 Hp | 1 Openview Network Node Manager | 2019-10-09 | 10.0 HIGH | N/A |
| Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205. | |||||
| CVE-2008-4420 | 4 Filestream, Hp, Innermedia and 1 more | 5 Turbozip, Openview Performance Agent, Dynazip Max and 2 more | 2019-10-09 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985. | |||||
| CVE-2008-2829 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2019-10-09 | 5.0 MEDIUM | N/A |
| php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. | |||||
| CVE-2007-3897 | 1 Microsoft | 2 Outlook Express, Windows Mail | 2019-10-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. | |||||
| CVE-2007-0988 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2019-10-09 | 4.3 MEDIUM | N/A |
| The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. | |||||
| CVE-2007-0777 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2019-10-09 | 9.3 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. | |||||
| CVE-2007-0009 | 3 Canonical, Debian, Mozilla | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2019-10-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | |||||
| CVE-2006-6500 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2019-10-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. | |||||
| CVE-2018-16585 | 3 Artifex, Canonical, Debian | 3 Ghostscript, Ubuntu Linux, Debian Linux | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193). | |||||
| CVE-2016-10764 | 1 Linux | 1 Linux Kernel | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. | |||||
| CVE-2018-10238 | 1 Bacnet Protocol Stack Project | 1 Bacnet Protocol Stack | 2019-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6. | |||||
| CVE-2016-10722 | 1 Partclone Project | 1 Partclone | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | |||||
| CVE-2006-6291 | 1 Mailenable | 1 Mailenable | 2019-10-03 | 6.8 MEDIUM | N/A |
| Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command, as addressed by the ME-10020 hotfix. | |||||