Lucene search
K

238 matches found

Tenable Nessus
Tenable Nessus
added 2009/08/20 12:0 a.m.19 views

GLSA-200908-06 : CDF: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200908-06 CDF: User-assisted execution of arbitrary code Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList64, SearchForRecordr64, LastRecord64, and CDFsel64 functions. Impact : A remote...

9.3CVSS6.4AI score0.0286EPSS
Exploits1References2
Prion
Prion
added 2009/08/18 9:0 p.m.14 views

Buffer overflow

Multiple buffer overflows in NASA Common Data Format CDF allow context-dependent attackers to execute arbitrary code, as demonstrated using 1 an array index error in the ReadAEDRList64 function, and other errors in the 2 SearchForRecordr64, 3 LastRecord64, 4 CDFsel64, and other unspecified...

9.3CVSS7.9AI score0.0286EPSS
Exploits1References4
CVE
CVE
added 2009/08/18 8:41 p.m.51 views

CVE-2009-2850

CVE-2009-2850 relates to multiple heap/buffer overflows in NASA’s Common Data Format (CDF) library. The vulnerabilities are triggered by issues in functions such as ReadAEDRList64, SearchForRecord_r_64, LastRecord64, and CDFsel64, allowing context-dependent attackers to potentially execute arbitr...

9.3CVSS7.5AI score0.0286EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2009/07/21 12:0 a.m.29 views

[INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s)

=================================================================== 'Celebrating 40 years of Apollo and 20 years of buffer overflows' =================================================================== INFIGO IS Security Advisory ADV-2009-07-09 http://www.infigo.hr/en/ Title: NASA Common Data...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2009/07/21 12:0 a.m.30 views

NASA CDF library multiple security vulnerabilities

Memory corruptions in ReadAEDRList64, SearchForRecordr64, LastRecord64, CDFsel64 functions...

3.2AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2009/05/04 4:12 p.m.34 views

CVE-2009-1515

Heap-based buffer overflow in the cdfreadsat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third...

7.6AI score0.03654EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2008/08/20 12:0 a.m.26 views

FreeBSD : cdf3 -- Buffer overflow vulnerability (c4f31e16-6e33-11dd-8eb7-0011098ad87f)

NASA Goddard Space Flight Center reports : The libraries for the scientific data file format, Common Data Format CDF version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially crafted invalid CDF files. If successful, this could trigger execution of...

7.5CVSS5.9AI score0.03868EPSS
Exploits3References3
FreeBSD
FreeBSD
added 2008/05/15 12:0 a.m.22 views

cdf3 -- Buffer overflow vulnerability

NASA Goddard Space Flight Center reports: The libraries for the scientific data file format, Common Data Format CDF version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted invalid CDF files. If successful, this could trigger execution of...

7.5CVSS7.1AI score0.03868EPSS
Exploits3References1
securityvulns
securityvulns
added 2008/05/14 12:0 a.m.58 views

[ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

7.5CVSS7.2AI score0.03868EPSS
Exploits3
seebug.org
seebug.org
added 2008/05/07 12:0 a.m.23 views

CDF库src/lib/cdfread64.c文件栈溢出漏洞

BUGTRAQ ID: 29045 CVECAN ID: CVE-2008-2080 通用数据格式(CDF)是由NASA戈达德航天飞行中心开发的用于存储和操控标量和多维数据的数据格式。 CDF库在打开无效的CDF输入文件时存在栈溢出漏洞,允许攻击者在使用该库的应用程序环境中执行任意指令或导致整个应用程序崩溃。 漏洞存在于src/lib/cdfread64.c文件的以下代码中。Read32s64函数将数据从文件读取到缓冲区,temp缓冲区大小为MAXREAD32s,但没有检查count参数,因此大于MAXREAD32s的参数可能会触发栈溢出。 /----------- 57...

7.5CVSS6.3AI score0.03868EPSS
Exploits3
Prion
Prion
added 2008/05/06 3:20 p.m.11 views

Stack overflow

Stack-based buffer overflow in the Read32s64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format CDF library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags...

7.5CVSS8.3AI score0.03868EPSS
Exploits3References9Affected Software1
NVD
NVD
added 2008/05/06 3:20 p.m.18 views

CVE-2008-2080

Stack-based buffer overflow in the Read32s64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format CDF library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags...

7.5CVSS7.6AI score0.03868EPSS
Exploits3References9
CVE
CVE
added 2008/05/06 3:0 p.m.57 views

CVE-2008-2080

The CVE-2008-2080 issue affects the NASA Goddard Space Flight Center Common Data Format (CDF) library up to version 3.2.0, where a stack-based buffer overflow in Read32s_64 (src/lib/cdfread64.c) can be triggered by specially crafted CDF files with invalid length tags. The underlying cause is impr...

7.5CVSS7.5AI score0.03868EPSS
Exploits3References9Affected Software1
Cvelist
Cvelist
added 2008/05/06 3:0 p.m.30 views

CVE-2008-2080

Stack-based buffer overflow in the Read32s64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format CDF library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags...

7.5AI score0.03868EPSS
Exploits3References9
Core Security
Core Security
added 2008/05/05 12:0 a.m.32 views

NASA's Common Data Format Buffer Overflow

Advisory ID Internal CORE-2008-0326 Advisory Information: Advisory ID: CORE-2008-0326 Advisory URL:https://www.coresecurity.com/?action=item&id=2260 Date published: 2008-05-05 Date of last update: 2008-05-05 Vendors contacted: GODDARD Space Flight Center Release mode: Coordinated release...

7.5CVSS8AI score0.03868EPSS
Exploits3
Packet Storm
Packet Storm
added 2008/05/05 12:0 a.m.67 views

Core Security Technologies Advisory 2008.0326

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ NASA's Common Data Format buffer overflow Advisory Information Title: NASA's Common Data Format buffer overflow Advisory ID: CORE-2008-0326 Advisory URL:...

7.5CVSS0.7AI score0.03868EPSS
Exploits3
NVD
NVD
added 2005/05/02 4:0 a.m.20 views

CVE-2005-0056

Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format CDF files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format CDF Cross Domain Vulnerability."...

5.1CVSS6.9AI score0.28331EPSS
Exploits1References11
CVE
CVE
added 2005/02/08 5:0 a.m.71 views

CVE-2005-0056

CVE-2005-0056 affects Internet Explorer (Windows 2000/XP/Server 2003) via a cross-domain vulnerability in Channel Definition Format (CDF) file URL validation. A malicious web page could trigger information disclosure or remote code execution by exploiting the IE cross-domain security model, poten...

5.1CVSS7AI score0.28331EPSS
Exploits1References11Affected Software2
Rows per page
Query Builder