CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

426 matches found

Veracode•added 2018/04/25 6:50 a.m.•23 views

Denial Of Service (DoS) Through Stack Buffer Overflow

librelp.so is vulnerable to denial of service DoS through stack-based buffer overflow attacks. The vulnerability exists in relpTcpChkPeerName of src/tcp.c where it was possible to overflow the call to snprintf when parsing a malicious x509 certificate, causing a denial of service DoS, and possibl...

9.8CVSS9.1AI score0.27155EPSS

Exploits1References15Affected Software1

CNVD•added 2018/03/08 12:0 a.m.•1 views

Mingw-w64 Design Vulnerability

Mingw-w64 is a dedicated gcc runtime environment for Windows. A security vulnerability exists in Mingw-w64 5.0.3 and earlier in mingw-w64-crt libc-vsnprintf. An attacker can exploit this vulnerability to corrupt subsequent string functions...

9.8CVSS6.8AI score0.00568EPSS

Exploits0References1

OSV•added 2018/03/06 5:29 p.m.•2 views

DEBIAN-CVE-2018-1000101

Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination CWE-170 vulnerability in mingw-w64-crt libc-vsnprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage,...

9.8CVSS6.8AI score0.00568EPSS

Exploits0References1

UbuntuCve•added 2018/03/06 5:29 p.m.•15 views

CVE-2018-1000101

9.8CVSS7.1AI score0.00568EPSS

Exploits0References2

NVD•added 2018/03/06 5:29 p.m.•7 views

CVE-2018-1000101

9.8CVSS9.5AI score0.00568EPSS

Exploits0References5

OSV•added 2018/03/06 5:29 p.m.•0 views

UBUNTU-CVE-2018-1000101

9.8CVSS7.2AI score0.00568EPSS

Exploits0References3

Prion•added 2018/03/06 5:29 p.m.•11 views

Design/Logic Flaw

7.5CVSS9.4AI score0.00568EPSS

Exploits0References5Affected Software1

Cvelist•added 2018/03/06 5:0 p.m.•9 views

CVE-2018-1000101

9.5AI score0.00568EPSS

Exploits0References5

Debian CVE•added 2018/03/06 5:0 p.m.•11 views

CVE-2018-1000101

9.8CVSS9.5AI score0.00568EPSS

Exploits0

Tenable Nessus•added 2017/12/21 12:0 a.m.•33 views

F5 Networks BIG-IP : NTP vulnerability (K32262483)

The mx4200send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write...

7.8CVSS7.7AI score0.00037EPSS

Exploits0References2

Tenable Nessus•added 2017/04/19 12:0 a.m.•34 views

SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2017:1048-1)

This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050 : - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...

8.8CVSS6.4AI score0.08526EPSS

Exploits2References17

OSV•added 2017/04/18 2:6 p.m.•5 views

SUSE-SU-2017:1047-1 Security update for ntp

This ntp update to version 4.2.8p10 fixes serveral issues. This updated enables leap smearing. See /usr/share/doc/packages/ntp/README.leapsmear for details. Security issues fixed bsc1030050: - CVE-2017-6464: Denial of Service via Malformed Config - CVE-2017-6462: Buffer Overflow in DPTS Clock -...

8.8CVSS6.8AI score0.08526EPSS

Exploits2References10

OSV•added 2017/03/27 5:59 p.m.•4 views

CVE-2017-6451

7.8CVSS6.1AI score0.00037EPSS

Exploits0References7

NVD•added 2017/03/27 5:59 p.m.•21 views

CVE-2017-6451

7.8CVSS7.9AI score0.00037EPSS

Exploits0References7

Hacker One•added 2017/03/10 11:35 a.m.•34 views

shopify-scripts: sprintf gem - format string combined attack

In the sprintf gem, NOT included in mruby-engine, there are severe vulnerabilities, including information leak, and heap buffer overflow. Here are the technical details. Technical Error 1: ============== The CHECKl macro can sometimes receive negative values, that will bypass the size checks, sin...

7.3AI score

Exploits0

CNVD•added 2016/09/14 12:0 a.m.•3 views

Wireshark H.225 Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-h225.c file in th...

5.9CVSS7.8AI score0.00506EPSS

Exploits0References1

OSV•added 2016/09/09 10:59 a.m.•0 views

DEBIAN-CVE-2016-7176

epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service copy overlap and application crash via a crafted packet...

5.9CVSS7.3AI score0.00506EPSS

Exploits0References1

OSV•added 2016/09/09 10:59 a.m.•0 views

UBUNTU-CVE-2016-7176

5.9CVSS6.6AI score0.00506EPSS

Exploits0References4

OSV•added 2016/08/05 8:59 p.m.•0 views

UBUNTU-CVE-2014-9901

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 2013 devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service device hang or reboot via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711...

7.5CVSS7.2AI score0.0051EPSS

Exploits0References4

OSV•added 2016/05/30 12:0 a.m.•0 views

UBUNTU-CVE-2016-5114

sapi/fpm/fpm/fpmlog.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and buffer overflow via a long...

9.1CVSS7.3AI score0.01016EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by