Lucene search
K

126 matches found

Talos
Talos
added 2018/10/03 12:0 a.m.653 views

Google PDFium JBIG2 image ComposeToOpt2WithRect information disclosure vulnerability

Summary An exploitable out-of-bounds read on the heap vulnerability exists in the JBIG2 parsing code of Google Chrome version 67.0.3396.99. A specially crafted PDF document can trigger an out-of-bounds read, which can possibly lead to an information leak that could be used as part of an exploit. ...

8.8CVSS8.9AI score0.01469EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 2:7 p.m.47 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM InfoSphere Information Server

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. This includes the alternate chains certificate forgery vulnerability CVE-2015-1793. OpenSSL is used by the Progress Software DataDirect Connect ODBC drivers which are shipped as a component of IBM InfoSphere Information Server...

7.5CVSS7.6AI score0.74483EPSS
Exploits7Affected Software1
OSV
OSV
added 2018/04/16 4:29 p.m.6 views

CVE-2018-3846

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution...

8.8CVSS9AI score
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2018/03/27 12:9 p.m.59 views

Security update for clamav (important)

This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...

10CVSS7.8AI score0.10027EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2018/03/27 12:0 a.m.36 views

SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)

This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted C...

10CVSS7.3AI score0.10027EPSS
Exploits4References16
Tenable Nessus
Tenable Nessus
added 2018/03/07 12:0 a.m.38 views

Fedora 27 : clamav (2018-602b5345fa)

Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVEs, but were important enough to address while we had the chance. One of thes...

10CVSS6.6AI score0.10027EPSS
Exploits4References6
OSV
OSV
added 2018/01/23 3:29 p.m.15 views

CVE-2017-15094

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or...

5.9CVSS6.1AI score
Exploits0References2
OpenVAS
OpenVAS
added 2017/11/09 12:0 a.m.11 views

Asterisk pjproject Header DoS Vulnerability

Asterisk is prone to a buffer overflow vulnerability which leads to a denial of service. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.7AI score
Exploits0References1
seebug.org
seebug.org
added 2017/10/16 12:0 a.m.21 views

Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability(CVE-2016-3591)

Description Partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outside In Technology Content Access SDK. An unchecked pointer arithmetic causes an out of bounds memory write which can lead to denial of service or possibly code execution...

9CVSS8.5AI score0.0393EPSS
Exploits1
Mageia
Mageia
added 2017/07/28 6:12 p.m.72 views

Updated openvpn packages fix security vulnerabilities

It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were known CVE-2017-7508. Some parts of the...

9.8CVSS0.6AI score0.04759EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/07/17 2:20 p.m.34 views

CVE-2017-11145

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...

7.5CVSS3.3AI score0.04812EPSS
Exploits0References1
NVD
NVD
added 2017/07/10 2:29 p.m.39 views

CVE-2017-11145

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...

7.5CVSS8.2AI score0.04812EPSS
Exploits0References12
Prion
Prion
added 2017/07/10 2:29 p.m.37 views

Out-of-bounds

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...

5CVSS7.4AI score0.04812EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2017/04/20 6:0 p.m.98 views

CVE-2017-2784

CVE-2017-2784 affects ARM mbed TLS. A crafted X.509 certificate can trigger an invalid free of a stack pointer during parsing, potentially enabling remote code execution. Affected versions: mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. Impact includes remote code execution or ...

8.1CVSS8.1AI score0.0339EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2016/09/27 3:59 p.m.28 views

Design/Logic Flaw

The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...

5CVSS7.4AI score0.04707EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2016/09/27 3:0 p.m.28 views

CVE-2016-7045

The formatsendtogui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service heap corruption and crash via vectors involving the length of a string...

7.4AI score0.04707EPSS
Exploits1References4
CVE
CVE
added 2016/09/27 3:0 p.m.104 views

CVE-2016-7044

The CVE-2016-7044 issue affects Irssi prior to 0.8.20 where the unformat_24bit_color function in the format parsing code, when compiled with true-color enabled, can be triggered by an incomplete 24bit color code to cause heap corruption and a remote denial of service. The public material ties thi...

7.5CVSS7.5AI score0.04707EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2016/09/22 1:10 p.m.31 views

CVE-2016-7044

The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...

7.5CVSS4.8AI score0.04707EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2016/09/22 1:10 p.m.23 views

CVE-2016-7045

The formatsendtogui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service heap corruption and crash via vectors involving the length of a string...

7.5CVSS5AI score0.04707EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2016/09/22 12:0 a.m.24 views

Debian DSA-3672-1 : irssi - security update

Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5CVSS7.4AI score0.04707EPSS
Exploits2References4
Rows per page
Query Builder