Lucene search
K

694 matches found

CNVD
CNVD
added 2018/09/29 12:0 a.m.4 views

HPE Intelligent Management Center Remote Code Execution Vulnerability

HPE Intelligent Management Center iMC is a suite of network intelligent management center solutions from Hewlett Packard Enterprise HPE. The solution provides network-wide visibility and enables comprehensive management of resources, services, and users. wireless Service Manager WSM Software is o...

10CVSS9.9AI score0.08867EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/21 12:0 a.m.4 views

Google Android WLAN Integer Overflow Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and WLAN is a wireless connection module used in it. WLAN in Android suffers from an integer overflow vulnerability that stems from the program not performing a check when...

7.8CVSS7.9AI score0.00201EPSS
Exploits0References1
Prion
Prion
added 2018/09/19 2:29 p.m.18 views

Integer overflow

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function...

7.2CVSS8AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2018/09/16 5:29 p.m.1 views

DEBIAN-CVE-2018-17088

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is...

7.8CVSS6.2AI score0.01557EPSS
Exploits1References1
Prion
Prion
added 2018/09/16 5:29 p.m.23 views

Integer overflow

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is...

6.8CVSS7.7AI score0.01766EPSS
Exploits2References2Affected Software1
PyPA
PyPA
added 2018/08/20 12:29 a.m.7 views

PYSEC-2018-21

PyCryptodome before 3.6.6 has an integer overflow in the datalen variable in AESNI.c, related to the AESNIencrypt and AESNIdecrypt functions, leading to the mishandling of messages shorter than 16 bytes...

7.5CVSS7.2AI score0.0174EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2018/08/20 12:0 a.m.8 views

PT-2018-13086 · Legion Of The Bouncy Castle · Pycryptodome

Name of the Vulnerable Software and Affected Versions: PyCryptodome versions prior to 3.6.6 Description: The issue is related to an integer overflow in the data len variable in AESNI.c, which affects the AESNI encrypt and AESNI decrypt functions. This leads to the mishandling of messages shorter...

8.7CVSS6.4AI score0.0174EPSS
Exploits1References10
CNVD
CNVD
added 2018/08/20 12:0 a.m.6 views

PyCryptodome Integer Overflow Vulnerability

PyCryptodome is a cryptographic package for Python consisting of low-level cryptographic primitives. An integer overflow vulnerability exists in the datalen variable of the AESNI.c file in PyCryptodome versions prior to 3.6.6. An attacker can exploit this vulnerability with the help of messages...

7.5CVSS7.7AI score0.0174EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2018/07/13 12:0 a.m.22 views

Adobe Acrobat Pro DC ImageConversion EMF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

6.8CVSS5.6AI score0.09237EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/10 12:0 a.m.7 views

Android Qualcomm WLAN Information Disclosure Vulnerability (CNVD-2018-13387)

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA, with Qualcomm WLAN being one of the components used. Qualcomm WLAN is a wireless LAN component developed by Qualco...

5.5CVSS5.1AI score0.00178EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2018/05/18 12:0 a.m.32 views

Advantech WebAccess Node waexec Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within waexec.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process...

9.3CVSS3.8AI score0.03842EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/18 12:0 a.m.4 views

Foxit Reader Arbitrary Code Execution Vulnerability (CNVD-2018-11852)

Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. An arbitrary code execution vulnerability exists in the parsing of the U3D 3DView object in Foxit Reader version 9.0.1.1049. The vulnerability stems from the program's failure to properly validate the length of...

8.8CVSS8.3AI score0.02773EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2018/05/17 2:0 p.m.57 views

CVE-2018-7159

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3CVSS6.5AI score0.03621EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2018/05/14 12:0 a.m.17 views

(0Day) Delta Industrial Automation DOPSoft DPA File TagTotalSize Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

6.8CVSS4.3AI score
Exploits0
CNVD
CNVD
added 2018/04/28 12:0 a.m.7 views

Foxit Reader ConvertToPDF_x86 BMP Parsing Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the ConvertToPDFx86.dll implementation that can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of the length of...

8.8CVSS7.7AI score0.03226EPSS
Exploits0References1
seebug.org
seebug.org
added 2017/09/29 12:0 a.m.92 views

Broadcom: Heap overflow when handling 802.11v WNM Sleep Mode Response(CVE-2017-7065)

Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow clients to configure...

8.8AI score0.01148EPSS
Exploits2
0day.today
0day.today
added 2017/09/26 12:0 a.m.79 views

Broadcom 802.11v WNM Sleep Mode Response Heap Overflow Vulnerability

Broadcom suffers from a heap overflow vulnerability when handling 802.11v WNM Sleep Mode Response. Broadcom: Heap overflow when handling 802.11v WNM Sleep Mode Response CVE-2017-7065 Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are...

0.1AI score0.01148EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2017/09/15 12:0 a.m.8 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in insufficient verification of the data length provided by the user. This allows a intruder to gain unauthorized access to the device and execute arbitrary code.

The vulnerability of Advantech WebAccess remote monitoring software arises due to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the device and execute arbitrary code within the context of the process...

7.5CVSS8.6AI score0.0317EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2017/08/30 6:29 p.m.4 views

CVE-2017-12704

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.220170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could...

8.8CVSS7.8AI score0.02601EPSS
Exploits0References2
CNVD
CNVD
added 2017/08/30 12:0 a.m.6 views

Advantech WebAccess HEAP Buffer Overflow Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess suffers from a HEAP buffer overflow...

8.8CVSS9.1AI score0.02601EPSS
Exploits0References1
Rows per page
Query Builder