CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6907 matches found

OSV•added 2017/03/06 6:59 a.m.•2 views

ALPINE-CVE-2016-10244

The parsecharstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service heap-based buffer over-read or possibly have unspecified other impact via a crafted file...

7.8CVSS7.6AI score0.00334EPSS

Exploits1References1

OSV•added 2017/03/06 12:0 a.m.•0 views

UBUNTU-CVE-2016-10244

7.8CVSS7.4AI score0.00334EPSS

Exploits1References5

OSV•added 2017/03/03 3:59 p.m.•3 views

AZL-36954 CVE-2017-5834 affecting package libplist 2.7.0-1

The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...

5.5CVSS6.8AI score0.00321EPSS

Exploits0References1

OSV•added 2017/03/03 3:59 p.m.•4 views

AZL-7267 CVE-2017-5834 affecting package libplist 2.1.0-4

The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...

5.5CVSS6.8AI score0.00321EPSS

Exploits0References1

AlpineLinux•added 2017/03/03 3:0 p.m.•3 views

CVE-2017-5834

The parsedictnode function in bplist.c in libplist allows attackers to cause a denial of service out-of-bounds heap read and crash via a crafted file...

5.5CVSS6.8AI score0.00321EPSS

Exploits0References5

CNVD•added 2017/03/03 12:0 a.m.•2 views

Rapid7 Metasploit Directory Traversal Vulnerability

Metasploit Pro is a guided penetration testing platform. A directory traversal vulnerability exists in the Meterpreter extapi Clipboard.parsedump function in versions prior to Rapid7 Metasploit 4.13.0-2017020701. An attacker can exploit the vulnerability to write arbitrary files on the Metasploit...

7.1CVSS7AI score0.00299EPSS

Exploits0References1

OSV•added 2017/03/02 8:59 p.m.•3 views

CVE-2017-5229

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parsedump function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console...

7.1CVSS5.9AI score

Exploits0References2

CNVD•added 2017/03/02 12:0 a.m.•2 views

radare2 denial of service vulnerability (CNVD-2017-02721)

radare2 is an open source reverse engineering flat. A denial of service vulnerability in the dexparsedebugitem function in libr/bin/p/bindex.c in radare2 version 1.2.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted DEX file...

7.8CVSS6.7AI score0.00292EPSS

Exploits0References1

OSV•added 2017/02/24 4:59 a.m.•0 views

UBUNTU-CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parsefile function. These might lead to invalid read and write operations, controlled by an attacker...

7.8CVSS7.1AI score0.00443EPSS

Exploits0References5

UbuntuCve•added 2017/02/24 4:59 a.m.•21 views

CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parsefile function. These might lead to invalid read and write operations, controlled by an attacker...

7.8CVSS7.1AI score0.00443EPSS

Exploits0References4

CNVD•added 2017/02/24 12:0 a.m.•3 views

tnef 'parse_file()' function denial of service vulnerability

tnef is a set of programs for decompressing MIME attachments. A security vulnerability in the tnef 'parsefile' function allows an attacker to exploit the vulnerability to submit a special file for a denial-of-service attack that could crash the application...

7.8CVSS6.8AI score0.00443EPSS

Exploits0References1

OSV•added 2017/02/17 2:59 a.m.•0 views

UBUNTU-CVE-2016-9831

Heap-based buffer overflow in the parseSWFRGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file...

7.8CVSS7.4AI score0.0021EPSS

Exploits1References5

CNVD•added 2017/02/16 12:0 a.m.•1 views

PHP integer overflow vulnerability (CNVD-2017-01946)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. An...

7.5CVSS8.7AI score0.14189EPSS

Exploits0References1

CNVD•added 2017/02/16 12:0 a.m.•1 views

PHP buffer overflow vulnerability (CNVD-2017-01945)

9.8CVSS9.1AI score0.06501EPSS

Exploits0References1

OSV•added 2017/02/15 3:59 p.m.•0 views

UBUNTU-CVE-2015-8979

Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service segmentation fault via a long string sent to TCP port 4242...

7.5CVSS7.4AI score0.0339EPSS

Exploits2References5

CNVD•added 2017/02/10 12:0 a.m.•2 views

GStreamer gst_avi_demux_parse_ncdt function denial of service vulnerability

GStreamer is an open source multimedia framework. GStreamer has a security vulnerability in the gst-plugins-good/gst/avi/gstavidemux.c/gstavidemuxparsencdt function, which causes a denial of service for remote attackers...

7.5CVSS6.9AI score0.01838EPSS

Exploits0References1

OSV•added 2017/02/09 3:59 p.m.•1 views

DEBIAN-CVE-2017-5840

The qtdemuxparsesamples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service out-of-bounds heap read via vectors involving the current stts index...

7.5CVSS7.3AI score0.03769EPSS

Exploits0References1

OSV•added 2017/02/09 3:59 p.m.•2 views

ALPINE-CVE-2017-5840

7.5CVSS6.8AI score0.03769EPSS

Exploits0References1

OSV•added 2017/02/09 12:0 a.m.•0 views

UBUNTU-CVE-2017-5840

7.5CVSS7.2AI score0.03769EPSS

Exploits0References4

OSV•added 2017/01/28 1:59 a.m.•2 views

ALPINE-CVE-2017-5483