CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

236 matches found

Debian CVE•added 2018/02/16 12:0 a.m.•18 views

CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and...

9.8CVSS10AI score0.0352EPSS

Exploits0

seebug.org•added 2017/04/06 12:0 a.m.•93 views

PHP Server Side Request Forgery Security Bypass Vulnerability（CVE-2017-7272）

For historical reasons, fsockopen accepts the port and hostname separately: fsockopen'127.0.0.1', 80 However, with the introdcution of stream transports in PHP 4.3, it became possible to include the port in the hostname specifier: fsockopen'127.0.0.1:80' Or more formally:...

5.8CVSS7.8AI score0.03514EPSS

Exploits2

NVD•added 2016/08/07 4:59 p.m.•16 views

CVE-2016-5356

wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

5.9CVSS6.1AI score0.02489EPSS

Exploits0References8

NVD•added 2016/08/07 4:59 p.m.•17 views

CVE-2016-5355

wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service application crash via a crafted file...

5.9CVSS6.1AI score0.02489EPSS

Exploits0References8

OSV•added 2016/08/07 4:59 p.m.•1 views

DEBIAN-CVE-2016-5355

5.9CVSS6.5AI score0.02489EPSS

Exploits0References1

OSV•added 2016/08/07 4:59 p.m.•2 views

UBUNTU-CVE-2016-5356

5.9CVSS6.9AI score0.02489EPSS

Exploits0References6

CVE•added 2016/08/07 4:0 p.m.•84 views

CVE-2016-5356

Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 contains a vulnerability CVE-2016-5356 in the CoSine file parser (wiretap/cosine.c) where sscanf unsigned-integer processing is mishandled, enabling a remote attacker to cause a denial of service (application crash) via a crafted file.

5.9CVSS6AI score0.02489EPSS

Exploits0References8Affected Software1

Debian CVE•added 2016/08/07 4:0 p.m.•23 views

CVE-2016-5356

5.9CVSS5.4AI score0.02489EPSS

Exploits0

CNVD•added 2016/01/05 12:0 a.m.•1 views

Wireshark BER Parser Denial of Service Vulnerability

Wireshark is the most popular network protocol parser. In Wireshark versions 2.0.x before 2.0.1 and 1.12.x before 1.12.9, the function dissectberGeneralizedTime within epan/dissectors/packet-ber.c in the BER parser does not correctly check the sscanf return value by constructing a packet, a remot...

5.5CVSS7.6AI score0.01539EPSS

Exploits0References1

OSV•added 2016/01/04 5:59 a.m.•4 views

CVE-2015-8720

The dissectberGeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5.5CVSS5.3AI score

Exploits0References7

OSV•added 2016/01/04 5:59 a.m.•0 views

DEBIAN-CVE-2015-8720

5.5CVSS5.3AI score0.01539EPSS

Exploits0References1

OSV•added 2016/01/04 5:59 a.m.•2 views

UBUNTU-CVE-2015-8720

5.5CVSS6.4AI score0.01539EPSS

Exploits0References4

RedHat Linux•added 2015/10/01 1:25 p.m.•3 views

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)

The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impa...

7.5CVSS7.7AI score0.04267EPSS

Exploits0References5

NVD•added 2015/09/24 4:59 a.m.•14 views

CVE-2015-7176

7.5CVSS7.5AI score0.04267EPSS

Exploits0References20

RedHat Linux•added 2015/09/22 6:17 p.m.•2 views

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-112)

7.5CVSS7.7AI score0.04267EPSS

Exploits0References5

OSV•added 2015/09/22 12:0 a.m.•0 views

UBUNTU-CVE-2015-7176

7.5CVSS7.6AI score0.04267EPSS

Exploits0References5

Tenable Nessus•added 2014/11/26 12:0 a.m.•40 views

OracleVM 3.3 : libXfont (OVMSA-2014-0080)

The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2014-0209: integer overflow of allocations in font metadata file parsing bug 1163602, bug 1163601 - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies bug 1163602, bug...

9.3CVSS8.6AI score0.10254EPSS

Exploits1References5

Tenable Nessus•added 2014/06/13 12:0 a.m.•31 views

openSUSE Security Update : libXfont (openSUSE-SU-2014:0073-1)

UCVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.p atch - unlimited sscanf overflows stack buffer in bdfReadCharacters CVE-2013-6462, bnc854915 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

9.3CVSS8.7AI score0.10254EPSS

Exploits1References3

Tenable Nessus•added 2014/01/12 12:0 a.m.•24 views

Oracle Linux 5 / 6 : libxfont (ELSA-2014-0018)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0018 advisory. 1.4.5-3 - cve-2013-6462.patch: sscanf overflow bug 1049684 - sscanf-hardening.patch: Some other sscanf hardening fixes 1049684 Tenable has extracted the...

9.3CVSS8.6AI score0.10254EPSS

Exploits1References2