| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7443 | Cri | 0.57 | 9.8 | 0.02 | Mar 7, 2018 | Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | ||
| CVE-2016-5179 | Cri | 0.64 | 9.8 | 0.02 | Mar 7, 2018 | Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. | ||
| CVE-2018-5469 | Cri | 0.64 | 9.8 | 0.03 | Mar 6, 2018 | An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has… | ||
| CVE-2018-6809 | Cri | 0.64 | 9.8 | 0.04 | Mar 6, 2018 | NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. | ||
| CVE-2018-6530 | Cri | 0.89 | 9.8 | 0.97 | KEV | Mar 6, 2018 | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and… | |
| CVE-2018-1343 | — | Cri | 0.64 | 9.8 | 0.01 | Mar 6, 2018 | PAM exposure enabling unauthenticated access to remote host | |
| CVE-2015-5377 | Cri | 0.58 | 9.8 | 0.15 | Mar 6, 2018 | Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability | ||
| CVE-2018-7732 | Cri | 0.64 | 9.8 | 0.01 | Mar 6, 2018 | An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html. | ||
| CVE-2018-1000101 | Cri | 0.64 | 9.8 | 0.02 | Mar 6, 2018 | Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via… | ||
| CVE-2018-7716 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC… | ||
| CVE-2018-7715 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC… | ||
| CVE-2018-7493 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root. | ||
| CVE-2017-18215 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value. | ||
| CVE-2018-5455 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack… | ||
| CVE-2018-7667 | — | Cri | 0.57 | 9.8 | 0.05 | Mar 5, 2018 | Adminer through 4.3.1 has SSRF via the server parameter. | |
| CVE-2018-7666 | Cri | 0.64 | 9.8 | 0.01 | Mar 5, 2018 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter. | ||
| CVE-2018-7665 | Cri | 0.68 | 9.8 | 0.16 | Mar 5, 2018 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php. | ||
| CVE-2018-7664 | Cri | 0.64 | 9.8 | 0.02 | Mar 5, 2018 | An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php. | ||
| CVE-2018-7648 | Cri | 0.00 | 9.8 | 0.02 | Mar 2, 2018 | An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line. | ||
| CVE-2017-18212 | Cri | 0.64 | 9.8 | 0.02 | Mar 1, 2018 | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload. | ||
| CVE-2018-7047 | Cri | 0.64 | 9.8 | 0.02 | Mar 1, 2018 | An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well). | ||
| CVE-2017-18211 | Cri | 0.64 | 9.8 | 0.04 | Mar 1, 2018 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel. | ||
| CVE-2017-18210 | Cri | 0.64 | 9.8 | 0.03 | Mar 1, 2018 | In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked. | ||
| CVE-2017-14804 | Cri | 0.64 | 9.9 | 0.02 | Mar 1, 2018 | The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots. | ||
| CVE-2018-7584 | Cri | 0.10 | 9.8 | 0.88 | Mar 1, 2018 | In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in… | ||
| CVE-2018-7573 | Cri | 0.72 | 9.8 | 0.70 | Mar 1, 2018 | An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and… | ||
| CVE-2018-2368 | Cri | 0.64 | 9.8 | 0.03 | Mar 1, 2018 | SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. | ||
| CVE-2018-7561 | Cri | 0.64 | 9.8 | 0.02 | Mar 1, 2018 | Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact. | ||
| CVE-2017-12627 | Cri | 0.57 | 9.8 | 0.08 | Mar 1, 2018 | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | ||
| CVE-2018-7264 | Cri | 0.68 | 9.8 | 0.13 | Feb 28, 2018 | The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process… | ||
| CVE-2018-7556 | Cri | 0.59 | 9.1 | 0.02 | Feb 28, 2018 | LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file. | ||
| CVE-2018-7477 | Cri | 0.67 | 9.8 | 0.03 | Feb 28, 2018 | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | ||
| CVE-2018-7554 | Cri | 0.64 | 9.8 | 0.02 | Feb 28, 2018 | There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2018-7553 | Cri | 0.64 | 9.8 | 0.03 | Feb 28, 2018 | There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2018-7552 | Cri | 0.64 | 9.8 | 0.02 | Feb 28, 2018 | There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2018-7551 | Cri | 0.64 | 9.8 | 0.02 | Feb 28, 2018 | There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2018-6641 | Cri | 0.64 | 9.8 | 0.06 | Feb 28, 2018 | An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This… | ||
| CVE-2018-6640 | Cri | 0.64 | 9.8 | 0.04 | Feb 28, 2018 | A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d. | ||
| CVE-2018-6639 | Cri | 0.64 | 9.8 | 0.04 | Feb 28, 2018 | An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d. | ||
| CVE-2018-6638 | Cri | 0.64 | 9.8 | 0.04 | Feb 28, 2018 | A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d. | ||
| CVE-2018-7548 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2018 | In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. | ||
| CVE-2017-18206 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2018 | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. | ||
| CVE-2016-10714 | Cri | 0.57 | 9.8 | 0.02 | Feb 27, 2018 | In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | ||
| CVE-2014-10072 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2018 | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. | ||
| CVE-2014-10071 | Cri | 0.64 | 9.8 | 0.03 | Feb 27, 2018 | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. | ||
| CVE-2018-6481 | Cri | 0.68 | 9.8 | 0.20 | Feb 27, 2018 | A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124. | ||
| CVE-2018-1372 | Cri | 0.64 | 9.8 | 0.02 | Feb 27, 2018 | IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772. | ||
| CVE-2017-15692 | — | Cri | 0.00 | 9.8 | 0.05 | Feb 27, 2018 | In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath. | |
| CVE-2018-4895 | Cri | 0.65 | 9.8 | 0.14 | Feb 27, 2018 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is… | ||
| CVE-2018-4879 | Cri | 0.66 | 9.8 | 0.29 | Feb 27, 2018 | An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is… |
- risk 0.57cvss 9.8epss 0.02
Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location."
- risk 0.64cvss 9.8epss 0.02
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
- risk 0.64cvss 9.8epss 0.03
An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has…
- risk 0.64cvss 9.8epss 0.04
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
- risk 0.89cvss 9.8epss 0.97
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and…
- risk 0.64cvss 9.8epss 0.01
PAM exposure enabling unauthenticated access to remote host
- risk 0.58cvss 9.8epss 0.15
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html.
- risk 0.64cvss 9.8epss 0.02
Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via…
- risk 0.64cvss 9.8epss 0.02
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC…
- risk 0.64cvss 9.8epss 0.02
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC…
- risk 0.64cvss 9.8epss 0.02
CactusVPN through 6.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
- risk 0.64cvss 9.8epss 0.02
xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when decoding PNG comment fields, leading to crashes or potentially code execution, because it uses an incorrect length value.
- risk 0.64cvss 9.8epss 0.02
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack…
- risk 0.57cvss 9.8epss 0.05
Adminer through 4.3.1 has SSRF via the server parameter.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter.
- risk 0.68cvss 9.8epss 0.16
An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the file_name parameter to /api/file_uploader.php or /actions/file_downloader.php.
- risk 0.00cvss 9.8epss 0.02
An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
- risk 0.64cvss 9.8epss 0.04
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
- risk 0.64cvss 9.8epss 0.03
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
- risk 0.64cvss 9.9epss 0.02
The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.
- risk 0.10cvss 9.8epss 0.88
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in…
- risk 0.72cvss 9.8epss 0.70
An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and…
- risk 0.64cvss 9.8epss 0.03
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
- risk 0.64cvss 9.8epss 0.02
Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14_EN allows remote attackers to cause a denial of service or possibly have unspecified other impact.
- risk 0.57cvss 9.8epss 0.08
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
- risk 0.68cvss 9.8epss 0.13
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process…
- risk 0.59cvss 9.1epss 0.02
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
- risk 0.64cvss 9.8epss 0.02
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.64cvss 9.8epss 0.03
There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.64cvss 9.8epss 0.02
There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.64cvss 9.8epss 0.02
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.64cvss 9.8epss 0.06
An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This…
- risk 0.64cvss 9.8epss 0.04
A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.
- risk 0.64cvss 9.8epss 0.04
An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.
- risk 0.64cvss 9.8epss 0.04
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.
- risk 0.64cvss 9.8epss 0.03
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.
- risk 0.64cvss 9.8epss 0.03
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
- risk 0.57cvss 9.8epss 0.02
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
- risk 0.64cvss 9.8epss 0.03
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
- risk 0.64cvss 9.8epss 0.03
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
- risk 0.68cvss 9.8epss 0.20
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
- risk 0.64cvss 9.8epss 0.02
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 137772.
- risk 0.00cvss 9.8epss 0.05
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.
- risk 0.65cvss 9.8epss 0.14
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is…
- risk 0.66cvss 9.8epss 0.29
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is…