CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

303 matches found

Prion•added 2020/11/30 6:15 p.m.•20 views

Buffer overflow

ReadyMedia aka MiniDLNA before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove...

7.5CVSS9.8AI score0.67559EPSS

Exploits1References4Affected Software2

UbuntuCve•added 2020/11/30 6:15 p.m.•29 views

CVE-2020-28926

9.8CVSS7.3AI score0.67559EPSS

Exploits1References5

Cvelist•added 2020/11/30 5:9 p.m.•22 views

CVE-2020-28926

9.9AI score0.67559EPSS

Exploits1References4

Microsoft CVE•added 2020/09/25 7:0 a.m.•2 views

The string component in the GNU C Library (aka glibc or libc6) through 2.28 when running on the x32 architecture incorrectly attempts to use a 64-bit register for size_t in assembly codes which can lead to a segmentation fault or possibly unspecified other impact as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.

...

7.8CVSS8.8AI score0.00149EPSS

Exploits0

RedHat Linux•added 2020/09/14 12:43 p.m.•1 views

httpd: Push diary crash on specifically crafted HTTP/2 header

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.76276EPSS

Exploits0References5

RedHat Linux•added 2020/09/10 1:10 p.m.•1 views

httpd: Push diary crash on specifically crafted HTTP/2 header

7.5CVSS7.1AI score0.76276EPSS

Exploits0References5

OSV•added 2020/07/06 6:10 p.m.•0 views

USN-4416-1 glibc vulnerabilities

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. CVE-2017-121...

9.8CVSS7AI score0.04945EPSS

Exploits6References12

Ubuntu•added 2020/07/06 6:10 p.m.•108 views

USN-4416-1: GNU C Library vulnerabilities

9.8CVSS7.6AI score0.04945EPSS

Exploits6

OSV•added 2020/05/16 3:15 p.m.•16 views

CVE-2020-13111

NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing t...

7.5CVSS6.8AI score

Exploits0References2

NVD•added 2020/05/16 3:15 p.m.•7 views

CVE-2020-13111

7.5CVSS7.4AI score0.00578EPSS

Exploits0References2

CVE•added 2020/05/16 2:50 p.m.•35 views

CVE-2020-13111

NaviServer 4.99.4–4.99.19 is affected by a denial-of-service in the nsd/driver.c ChunkedDecode function, caused by improper validation of chunk length. A remote attacker can craft a chunked-transfer request that passes a negative size to memmove, crashing the process. The issue is documented acro...

7.5CVSS7.4AI score0.00578EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2020/03/31 7:34 p.m.•1 views

rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter in this case, a space or a colon but fails to account for strings that do not satisfy this...

9.8CVSS7.5AI score0.01796EPSS

Exploits0References4

Talos•added 2019/11/05 12:0 a.m.•69 views

LEADTOOLS CMP-parsing code execution vulnerability

Summary An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability...

8.8CVSS7.9AI score0.00335EPSS

Exploits1

RedhatCVE•added 2019/10/29 4:55 p.m.•37 views

CVE-2019-17041

9.8CVSS0.9AI score0.01796EPSS

Exploits0References3

NVD•added 2019/10/07 4:15 p.m.•13 views

CVE-2019-17042

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...

9.8CVSS9.5AI score0.00487EPSS

Exploits0References7

OSV•added 2019/10/07 4:15 p.m.•1 views

UBUNTU-CVE-2019-17042

9.8CVSS6.9AI score0.00487EPSS

Exploits0References4

UbuntuCve•added 2019/09/11 3:15 p.m.•22 views

CVE-2019-16226

An issue was discovered in py-lmdb 0.97. mdbnodedel does not validate a memmove in the case of an unexpected node-mnhi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...

7.5CVSS7.1AI score0.00433EPSS

Exploits1References2

PyPA•added 2019/09/11 3:15 p.m.•5 views

PYSEC-2019-238

7.5CVSS7AI score0.00433EPSS

Exploits1References3Affected Software1

OSV•added 2019/09/11 3:15 p.m.•0 views

UBUNTU-CVE-2019-16226

7.5CVSS5.8AI score0.00433EPSS

Exploits1References3

CVE•added 2019/09/11 2:47 p.m.•53 views

CVE-2019-16226

CVE-2019-16226 affects py-lmdb 0.97. The vulnerability arises in the mdb_node_del function, which does not validate a memmove when encountering an unexpected node->mn_hi, leading to an invalid write operation. This is described as occurring when accessing a data.mdb file supplied by an attacke...

7.5CVSS7.4AI score0.00433EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by