Lucene search
K

5931 matches found

Hacker One
Hacker One
added 2017/05/09 9:29 p.m.49 views

Internet Bug Bounty: CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error

Integer signedness error in miniupnpc 1 allows remote attackers to cause a denial of service condition access violation and heap corruption via specially crafted HTTP response An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located ...

7.5CVSS9.3AI score0.24027EPSS
Exploits6
CNVD
CNVD
added 2017/05/09 12:0 a.m.4 views

PoDoFo Denial of Service Vulnerability (CNVD-2017-07617)

PoDoFo is an open source , written in C++ using the PDF file format library . A denial of service vulnerability exists in the 'PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry' function in the base/PdfXRefStreamParserObject.cpp file in PoDoFo version 0.9.5. ' function is vulnerable to a...

8.8CVSS7AI score0.01625EPSS
Exploits0References1
Apache Httpd
Apache Httpd
added 2017/05/06 12:0 a.m.116 views

Apache Httpd < 2.4.26 : ap_find_token() Buffer Overread

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...

7.5CVSS2AI score0.57472EPSS
Exploits1Affected Software1
Apache Httpd
Apache Httpd
added 2017/05/06 12:0 a.m.49 views

Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows apfindtoken to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...

7.5CVSS2AI score0.57472EPSS
Exploits1Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/05/04 12:0 a.m.6 views

The vulnerability of the Linux operating system, which allows a perpetrator to trigger a service failure or cause other effects

The vulnerability in the driver drivers/net/can/usb/gsusb.c of the Linux operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to improperly interact with the CONFIGVMAPSTACK parameter, resulting in a...

7.8CVSS7.3AI score0.00429EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2017/05/01 6:59 p.m.1 views

DEBIAN-CVE-2017-8393

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHTREL/SHRRELA sections are always named starting with a .rel/.rela prefix. This...

7.5CVSS7.7AI score0.01854EPSS
Exploits0References1
OSV
OSV
added 2017/05/01 6:59 p.m.3 views

UBUNTU-CVE-2017-8393

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHTREL/SHRRELA sections are always named starting with a .rel/.rela prefix. This...

7.5CVSS7.2AI score0.01854EPSS
Exploits0References3
OSV
OSV
added 2017/05/01 1:59 a.m.1 views

DEBIAN-CVE-2016-10350

The archivereadformatcabreadheader function in archivereadsupportformatcab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted file...

5.5CVSS5.9AI score0.01605EPSS
Exploits0References1
OSV
OSV
added 2017/04/30 7:59 p.m.3 views

ALPINE-CVE-2017-8365

The i2lesarray function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted audio file...

6.5CVSS6.7AI score0.03423EPSS
Exploits0References1
OSV
OSV
added 2017/04/30 7:59 p.m.4 views

ALPINE-CVE-2017-8363

The flacbuffercopy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted audio file...

6.5CVSS6.8AI score0.03347EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2017/04/27 12:0 a.m.6 views

The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to breach the confidentiality of information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat are related to reading beyond the buffer limit and memory leaks resulting from parsing segment APP13 into JPEG files. Exploiting these...

4.3CVSS7.1AI score0.03404EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/04/27 12:0 a.m.19 views

The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to breach the confidentiality of information.

The vulnerability of image conversion tools for viewing and editing PDF files, such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat, is related to reading beyond the buffer limit and memory leaks caused by parsing EMF format files. Exploiting this...

4.3CVSS7.1AI score0.03404EPSS
Exploits0References4Affected Software2
CNVD
CNVD
added 2017/04/21 12:0 a.m.2 views

libcroco 'cr_input_new_from_uri' function denial of service vulnerability

libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crinputnewfromuri' function in the cr-input.c file in libcroco versions 0.6.11 and 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer out-of-bounds read with the help of a...

5.5CVSS5.7AI score0.02001EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2017/04/20 12:0 a.m.7 views

The vulnerability of the Mac OS X operating system allows a perpetrator to trigger a service failure or obtain confidential information.

The vulnerability of the Menus component in the Mac OS X operating system arises from reading data beyond the specified buffer limit. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or cause a service failure reading beyond the...

5.8CVSS7.3AI score0.00906EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/04/13 12:0 a.m.7 views

The vulnerability of the Mac OS X operating system and the iOS operating system allows attackers to trigger service interruptions or obtain confidential information.

The vulnerability of the FontParser component in the Mac OS X and iOS operating systems arises from reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to obtain confidential information or cause a service failure such as reading beyond the memory limit or...

5.8CVSS7.6AI score0.01313EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/04/13 12:0 a.m.8 views

The vulnerability of the FreeType library, which allows a perpetrator to trigger a service failure or cause other effects

The vulnerability of the parsecharstrings function in the type1/t1load.c file of the FreeType library does not guarantee that the font contains the glyph’s name. This vulnerability arises from reading beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cau...

6.8CVSS7.4AI score0.03235EPSS
Exploits1References3
OSV
OSV
added 2017/04/11 11:59 p.m.6 views

UBUNTU-CVE-2017-7697

In libsamplerate before 0.1.9, a buffer over-read occurs in the calcoutputsingle function in srcsinc.c via a crafted audio file...

5.5CVSS6.3AI score0.00913EPSS
Exploits0References4
OSV
OSV
added 2017/04/11 11:59 p.m.1 views

DEBIAN-CVE-2017-7697

In libsamplerate before 0.1.9, a buffer over-read occurs in the calcoutputsingle function in srcsinc.c via a crafted audio file...

5.5CVSS7.1AI score0.00913EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/04/09 12:0 a.m.2 views

PT-2017-17839 · Red Hat +3 · Elfutils +3

Name of the Vulnerable Software and Affected Versions: elfutils version 0.168 Description: The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted ELF file. This is due to the ebl object note type name functio...

9.8CVSS5.9AI score0.03691EPSS
Exploits18References168
OSV
OSV
added 2017/03/24 7:59 p.m.3 views

UBUNTU-CVE-2016-10271

tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service heap-based buffer over-read and buffer overflow or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tiffax3.c:413:13...

7.8CVSS7.2AI score0.02213EPSS
Exploits0References3
Rows per page
Query Builder