| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9953 | Hig | 0.49 | 7.5 | 0.03 | Jun 26, 2017 | There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | ||
| CVE-2017-7458 | Hig | 0.49 | 7.5 | 0.02 | Jun 26, 2017 | The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address. | ||
| CVE-2017-6324 | Hig | 0.48 | 7.3 | 0.01 | Jun 26, 2017 | The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm… | ||
| CVE-2017-9949 | Hig | 0.51 | 7.8 | 0.02 | Jun 26, 2017 | The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer… | ||
| CVE-2016-8493 | Hig | 0.57 | 8.8 | 0.02 | Jun 26, 2017 | In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | ||
| CVE-2015-3315 | Hig | 0.47 | 7.8 | 0.05 | Jun 26, 2017 | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an… | ||
| CVE-2015-3215 | Hig | 0.42 | 7.5 | 0.02 | Jun 26, 2017 | The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options. | ||
| CVE-2017-9948 | Hig | 0.58 | 8.8 | 0.06 | Jun 26, 2017 | A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box. | ||
| CVE-2017-7496 | Hig | 0.46 | 7.0 | 0.00 | Jun 26, 2017 | fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories. | ||
| CVE-2017-9935 | Hig | 0.58 | 8.8 | 0.04 | Jun 26, 2017 | In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or… | ||
| CVE-2017-7459 | Hig | 0.49 | 7.5 | 0.01 | Jun 26, 2017 | ntopng before 3.0 allows HTTP Response Splitting. | ||
| CVE-2017-6678 | Hig | 0.49 | 7.5 | 0.02 | Jun 26, 2017 | A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to… | ||
| CVE-2017-6669 | Hig | 0.51 | 7.8 | 0.02 | Jun 26, 2017 | Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch… | ||
| CVE-2017-6662 | Hig | 0.52 | 8.0 | 0.02 | Jun 26, 2017 | A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code… | ||
| CVE-2017-9872 | Hig | 0.54 | 7.8 | 0.10 | Jun 25, 2017 | The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a… | ||
| CVE-2017-9871 | Hig | 0.51 | 7.8 | 0.02 | Jun 25, 2017 | The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio… | ||
| CVE-2017-9840 | Hig | 0.57 | 8.8 | 0.01 | Jun 25, 2017 | Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application. | ||
| CVE-2017-9846 | Hig | 0.57 | 8.8 | 0.03 | Jun 24, 2017 | Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | ||
| CVE-2017-9833 | Hig | 0.57 | 7.5 | 0.68 | Jun 24, 2017 | /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because… | ||
| CVE-2017-9829 | Hig | 0.54 | 7.5 | 0.69 | Jun 23, 2017 | '/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already… | ||
| CVE-2017-1347 | Hig | 0.57 | 8.8 | 0.01 | Jun 23, 2017 | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | ||
| CVE-2017-9776 | Hig | 0.51 | 7.8 | 0.02 | Jun 22, 2017 | Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | ||
| CVE-2017-0897 | Hig | 0.49 | 7.5 | 0.04 | Jun 22, 2017 | ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. | ||
| CVE-2017-0176 | Hig | 0.56 | 8.1 | 0.46 | Jun 22, 2017 | A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote… | ||
| CVE-2017-3629 | Hig | 0.54 | 7.8 | 0.05 | Jun 22, 2017 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to… | ||
| CVE-2017-4988 | Hig | 0.47 | 7.2 | 0.02 | Jun 21, 2017 | EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. | ||
| CVE-2017-3219 | Hig | 0.57 | 8.8 | 0.00 | Jun 21, 2017 | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | ||
| CVE-2017-3218 | Hig | 0.57 | 8.8 | 0.00 | Jun 21, 2017 | Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | ||
| CVE-2016-7508 | Hig | 0.52 | 7.5 | 0.02 | Jun 21, 2017 | Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. | ||
| CVE-2017-7922 | Hig | 0.53 | 7.6 | 0.10 | Jun 21, 2017 | An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes. | ||
| CVE-2017-6045 | Hig | 0.49 | 7.5 | 0.02 | Jun 21, 2017 | An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information. | ||
| CVE-2017-6043 | Hig | 0.49 | 7.5 | 0.02 | Jun 21, 2017 | A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available. | ||
| CVE-2017-2813 | Hig | 0.57 | 8.8 | 0.02 | Jun 21, 2017 | An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered… | ||
| CVE-2017-9774 | Hig | 0.57 | 8.8 | 0.02 | Jun 21, 2017 | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication. | ||
| CVE-2017-9780 | Hig | 0.51 | 7.8 | 0.00 | Jun 21, 2017 | In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable… | ||
| CVE-2017-2831 | Hig | 0.49 | 7.5 | 0.03 | Jun 21, 2017 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker… | ||
| CVE-2017-2830 | Hig | 0.49 | 7.5 | 0.03 | Jun 21, 2017 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker… | ||
| CVE-2017-2828 | Hig | 0.58 | 8.8 | 0.08 | Jun 21, 2017 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation… | ||
| CVE-2017-2827 | Hig | 0.58 | 8.8 | 0.08 | Jun 21, 2017 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation… | ||
| CVE-2017-9766 | Hig | 0.49 | 7.5 | 0.04 | Jun 21, 2017 | In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | ||
| CVE-2017-3087 | Hig | 0.49 | 7.5 | 0.03 | Jun 20, 2017 | Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate. | ||
| CVE-2017-7668 | Hig | 0.53 | 7.5 | 0.57 | Jun 20, 2017 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a… | ||
| CVE-2017-3745 | Hig | 0.51 | 7.8 | 0.00 | Jun 20, 2017 | In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and… | ||
| CVE-2017-3743 | Hig | 0.49 | 7.5 | 0.01 | Jun 20, 2017 | If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be… | ||
| CVE-2017-3214 | Hig | 0.49 | 7.5 | 0.01 | Jun 20, 2017 | The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary. | ||
| CVE-2017-9763 | Hig | 0.49 | 7.5 | 0.04 | Jun 19, 2017 | The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a… | ||
| CVE-2017-1000379 | Hig | 0.54 | 7.8 | 0.02 | Jun 19, 2017 | The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected. | ||
| CVE-2017-1000376 | Hig | 0.46 | 7.0 | 0.01 | Jun 19, 2017 | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be… | ||
| CVE-2017-1000371 | Hig | 0.54 | 7.8 | 0.02 | Jun 19, 2017 | The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above… | ||
| CVE-2017-1000370 | Hig | 0.54 | 7.8 | 0.02 | Jun 19, 2017 | The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the… |
- risk 0.49cvss 7.5epss 0.03
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
- risk 0.49cvss 7.5epss 0.02
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.
- risk 0.48cvss 7.3epss 0.01
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm…
- risk 0.51cvss 7.8epss 0.02
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer…
- risk 0.57cvss 8.8epss 0.02
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
- risk 0.47cvss 7.8epss 0.05
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an…
- risk 0.42cvss 7.5epss 0.02
The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.
- risk 0.58cvss 8.8epss 0.06
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
- risk 0.46cvss 7.0epss 0.00
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
- risk 0.58cvss 8.8epss 0.04
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or…
- risk 0.49cvss 7.5epss 0.01
ntopng before 3.0 allows HTTP Response Splitting.
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to…
- risk 0.51cvss 7.8epss 0.02
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch…
- risk 0.52cvss 8.0epss 0.02
A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code…
- risk 0.54cvss 7.8epss 0.10
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a…
- risk 0.51cvss 7.8epss 0.02
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio…
- risk 0.57cvss 8.8epss 0.01
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
- risk 0.57cvss 8.8epss 0.03
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
- risk 0.57cvss 7.5epss 0.68
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because…
- risk 0.54cvss 7.5epss 0.69
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already…
- risk 0.57cvss 8.8epss 0.01
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
- risk 0.51cvss 7.8epss 0.02
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
- risk 0.49cvss 7.5epss 0.04
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
- risk 0.56cvss 8.1epss 0.46
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote…
- risk 0.54cvss 7.8epss 0.05
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to…
- risk 0.47cvss 7.2epss 0.02
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
- risk 0.57cvss 8.8epss 0.00
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
- risk 0.57cvss 8.8epss 0.00
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
- risk 0.52cvss 7.5epss 0.02
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
- risk 0.53cvss 7.6epss 0.10
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.
- risk 0.49cvss 7.5epss 0.02
An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.
- risk 0.49cvss 7.5epss 0.02
A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available.
- risk 0.57cvss 8.8epss 0.02
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered…
- risk 0.57cvss 8.8epss 0.02
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
- risk 0.51cvss 7.8epss 0.00
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable…
- risk 0.49cvss 7.5epss 0.03
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…
- risk 0.49cvss 7.5epss 0.03
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker…
- risk 0.58cvss 8.8epss 0.08
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation…
- risk 0.58cvss 8.8epss 0.08
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation…
- risk 0.49cvss 7.5epss 0.04
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
- risk 0.49cvss 7.5epss 0.03
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
- risk 0.53cvss 7.5epss 0.57
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a…
- risk 0.51cvss 7.8epss 0.00
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and…
- risk 0.49cvss 7.5epss 0.01
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be…
- risk 0.49cvss 7.5epss 0.01
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
- risk 0.49cvss 7.5epss 0.04
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a…
- risk 0.54cvss 7.8epss 0.02
The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.
- risk 0.46cvss 7.0epss 0.01
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be…
- risk 0.54cvss 7.8epss 0.02
The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grown down to 0x80000000, and as the PIE binary is mapped above…
- risk 0.54cvss 7.8epss 0.02
The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve()'ed with 1GB of arguments or environmental strings then the stack occupies the address 0x80000000 and the PIE binary is mapped above 0x40000000 nullifying the…