Lucene search
K

853 matches found

Cvelist
Cvelist
added 2018/06/11 9:0 p.m.19 views

CVE-2017-7804

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This...

8AI score0.01507EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2018/05/23 7:28 p.m.21 views

Schneider Electric Patches XML Vulnerability In Software

Schneider Electric on Tuesday issued fixes for a vulnerability in its SoMachine Basic software, which could result in the disclosure and retrieval of arbitrary data. The software in question is used to develop code for programmable logic controllers. Attackers can leverage a vulnerability within...

5CVSS1.5AI score0.0156EPSS
Exploits0References3
0day.today
0day.today
added 2018/05/15 12:0 a.m.162 views

WordPress WP ULike 2.8.1 / 3.1 Arbitrary Data Deletion Vulnerability

WordPress WP ULike plugin versions 2.8.1 and 3.1 suffer from an arbitrary data deletion vulnerability. Details ================ Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/wp-ulike-delete-rows/ CVE:...

0.2AI score
Exploits0
CNVD
CNVD
added 2018/05/09 12:0 a.m.1 views

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2018-10987)

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. Microsoft Windows suffers from an elevation of privilege vulnerability. The vulnerability arises because the Win32k component fails to properly handle objects in memor...

7.2CVSS7.4AI score0.73721EPSS
Exploits18References1
Prion
Prion
added 2018/04/24 7:29 p.m.18 views

Heap overflow

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability...

7.5CVSS9.4AI score0.01943EPSS
Exploits3References1Affected Software1
UbuntuCve
UbuntuCve
added 2018/04/24 7:29 p.m.27 views

CVE-2017-12087

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability...

10CVSS7.3AI score0.01943EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2018/04/17 12:50 a.m.33 views

CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

8.8CVSS7.7AI score0.03074EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2018/04/16 4:29 p.m.23 views

CVE-2018-3849

In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

8.8CVSS7.6AI score0.04034EPSS
Exploits1References2
Prion
Prion
added 2018/04/12 7:29 p.m.15 views

Design/Logic Flaw

A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution...

6.8CVSS7.8AI score0.01501EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2018/04/12 5:0 p.m.26 views

CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...

8.7CVSS7.6AI score0.01101EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/04/12 12:0 a.m.6 views

PT-2018-16262 · Talos +1 · Computerinsel Photoline +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: A specially crafted TIFF image can cause an out-of-bounds write when processed, allowing an attacker to overwrite arbitrary data and potentially gain code execution by delivering a...

8.8CVSS8.5AI score0.01271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/04/12 12:0 a.m.5 views

PT-2018-16255 · Talos +1 · Computerinsel Photoline +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a...

8.8CVSS8.2AI score0.01501EPSS
Exploits1References3
CNVD
CNVD
added 2018/04/12 12:0 a.m.5 views

Computerinsel Photoline PCX Parsing Function Memory Corruption Vulnerability

PhotoLine is a multipurpose image and graphics editor. A memory corruption vulnerability exists in the PCX parsing feature of Computerinsel Photoline 20.53. An attacker can exploit the vulnerability by crafting a PCX image to cause out-of-bounds writes, overwrite arbitrary data, and thus enable...

8.8CVSS7.7AI score0.0147EPSS
Exploits1References1
NVD
NVD
added 2018/04/11 8:29 p.m.26 views

CVE-2018-3887

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability...

8.8CVSS8.3AI score0.0147EPSS
Exploits1References1
Zero Science Lab
Zero Science Lab
added 2018/04/07 12:0 a.m.592 views

KYOCERA Multi-Set Template Editor 3.4 Out-Of-Band XML External Entity Injection

Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...

7.5CVSS5.9AI score0.00754EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2018/03/05 7:43 p.m.27 views

bson is vulnerable to denial of service due to incorrect regex validation

BSON injection vulnerability in the legal function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

9.8CVSS9AI score0.04751EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2018/03/05 7:43 p.m.19 views

GHSA-H6RJ-8R3C-9GPJ bson is vulnerable to denial of service due to incorrect regex validation

BSON injection vulnerability in the legal function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

9.8CVSS9.2AI score0.04751EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2018/02/13 12:0 a.m.27 views

CVE-2018-5378

The Quagga BGP daemon bgpd prior to version 1.2.3 does not properly bounds check the data sent with a NOTIFY to a peer, if an attribute length is invalid. Arbitrary data from the bgpd process may be sent over the network to a peer and/or bgpd may crash...

7.1CVSS6.8AI score0.74599EPSS
Exploits0References3
Prion
Prion
added 2018/02/05 4:29 p.m.15 views

Design/Logic Flaw

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

7.5CVSS7.4AI score0.04751EPSS
Exploits1References6Affected Software1
UbuntuCve
UbuntuCve
added 2018/02/05 4:29 p.m.22 views

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON bson-ruby gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service resource consumption or inject arbitrary data via a crafted string...

9.8CVSS7.3AI score0.04751EPSS
Exploits1References1
Rows per page
Query Builder