Lucene search
K

8272 matches found

BDU FSTEC
BDU FSTEC
added 2017/09/15 12:0 a.m.6 views

The vulnerability of the mv_read_header function in the multimedia library Ffmpeg (libavformat/mvdec.c) allows a attacker to trigger memory consumption and service failure.

The vulnerability of the mvreadheader function in the FFmpeg multimedia library libavformat/mvdec.c is related to resource management errors. Exploiting this vulnerability can allow a remote attacker to trigger memory consumption and service failures by using a specially created MV format file...

7.1CVSS7.1AI score0.01822EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2017/09/14 12:0 a.m.11 views

Theater Management Script - SQL Injection

Theater Management Script - SQL Injection Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo:...

0.3AI score
Exploits0
Fedora
Fedora
added 2017/09/13 10:26 p.m.26 views

[SECURITY] Fedora 26 Update: libwmf-0.2.8.4-53.fc26

A library for reading and converting Windows MetaFile vector graphics WMF...

7.5CVSS2.6AI score0.05102EPSS
Exploits0
seebug.org
seebug.org
added 2017/09/13 12:0 a.m.2287 views

The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device (BlueBorne)

General Overview Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spread through the air airborne and attacks devices via...

8.3CVSS9.6AI score0.2285EPSS
Exploits28
Microsoft CVE
Microsoft CVE
added 2017/09/12 7:0 a.m.33 views

Windows GDI+ Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface GDI handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could...

3.3CVSS2.9AI score0.1404EPSS
Exploits0
CERT
CERT
added 2017/09/08 12:0 a.m.561 views

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Overview Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...

6.4CVSS4.6AI score0.00309EPSS
Exploits0References2
Prion
Prion
added 2017/09/07 10:29 p.m.22 views

Command injection

XSS persistent on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated b...

4.3CVSS5.9AI score0.01438EPSS
Exploits5References2
Prion
Prion
added 2017/09/05 6:29 p.m.23 views

Heap overflow

An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

6.8CVSS7.9AI score0.04599EPSS
Exploits3References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2017/09/05 12:0 a.m.21 views

Ubuntu 14.04 LTS : FontForge vulnerabilities (USN-3409-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3409-1 advisory. It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary...

7.8CVSS7.8AI score0.0144EPSS
Exploits0References9
OSV
OSV
added 2017/09/04 3:44 p.m.7 views

USN-3409-1 fontforge vulnerabilities

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. CVE-2017-11568, CVE-2017-11569, CVE-2017-11572 It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote...

7.8CVSS7.1AI score0.0144EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2017/09/04 3:44 p.m.53 views

USN-3409-1: FontForge vulnerabilities

It was discovered that FontForge was vulnerable to a heap-based buffer over-read. A remote attacker could use a crafted file to DoS or execute arbitrary code. CVE-2017-11568, CVE-2017-11569, CVE-2017-11572 It was discovered that FontForge was vulnerable to a stack-based buffer overflow. A remote...

7.8CVSS7.2AI score0.0144EPSS
Exploits0
exploitpack
exploitpack
added 2017/09/04 12:0 a.m.16 views

RubyGems 2.6.13 - Arbitrary File Overwrite

RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...

0.6AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2017/09/01 9:29 p.m.4 views

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS5.5AI score0.00486EPSS
Exploits0References3
Prion
Prion
added 2017/09/01 9:29 p.m.15 views

Design/Logic Flaw

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

4.3CVSS5.7AI score0.00486EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2017/09/01 9:29 p.m.26 views

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS6.2AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2017/09/01 9:29 p.m.3 views

UBUNTU-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS6.2AI score0.00486EPSS
Exploits0References3
OSV
OSV
added 2017/09/01 9:29 p.m.4 views

DEBIAN-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS6.8AI score0.00486EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/09/01 9:0 p.m.18 views

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS5.6AI score0.00486EPSS
Exploits0
CNVD
CNVD
added 2017/09/01 12:0 a.m.4 views

Ffmpeg 'mv_read_header()' function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'mvreadheader' function in the libavformat/mvdec.c file in FFmpeg version 3.3.3, which stems from the program's failure to adequately detect EOF End o...

7.1CVSS7AI score0.01822EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/31 12:0 a.m.2 views

Logic Vulnerability in Growatt Monitoring System App for Android

Growatt Monitoring System is a remote data monitoring center system for PV power plants developed by Grunewald. The system displays PV plant operation data through intuitive charts and graphs, including power plant power generation, revenue, CO2 emission reduction benefits, equipment operation...

7.1AI score
Exploits0
Rows per page
Query Builder