CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2018/04/05 7:0 p.m.•15 views

CVE-2017-2853

An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this...

10CVSS9.9AI score0.0177EPSS

CVE•added 2018/04/05 7:0 p.m.•52 views

CVE-2017-2867

TALOS reports CVE-2017-2867 as a vulnerability in Natus Xltek NeuroWorks 8 (SavePatientMontage). It is caused by a lack of verification of the length of Data.Name in requests to SavePatientMontage, leading to a stack-based buffer overflow that can enable remote code execution via a specially craf...

9.8CVSS9.8AI score0.01895EPSS

Cvelist•added 2018/04/05 7:0 p.m.•19 views

CVE-2017-2869

An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability...

10CVSS9.9AI score0.02291EPSS

CVE•added 2018/04/05 7:0 p.m.•54 views

CVE-2017-2868

CVE-2017-2868 is a vulnerability in the NewProducerStream functionality of Natus Xltek NeuroWorks 8 . The issue stems from parsing a user-provided KeyTree, specifically an unchecked length for the SlowReviewLocalPath used to construct a path, which can overflow a stack buffer and overwrite except...

10CVSS9.8AI score0.01895EPSS

CVE•added 2018/04/05 7:0 p.m.•52 views

CVE-2017-2869

CVE-2017-2869 is a code execution vulnerability in Natus Xltek NeuroWorks 8 OpenProducer. Talos reports a stack-based buffer overflow caused by improper handling of SlowReviewLocalPath data within the KeyTree during OpenProducer processing, which can be triggered remotely by sending a crafted net...

10CVSS9.8AI score0.02291EPSS

CVE•added 2018/04/05 7:0 p.m.•61 views

CVE-2017-2853

CVE-2017-2853 affects Natus Xltek NeuroWorks 8. During processing of the command RequestForPatientInfoEEGfile, the NWStorage component builds a file path from a client-supplied value and uses a stack buffer in a sprintf call, which can overflow and overwrite the SEH chain. This leads to remote co...

10CVSS9.8AI score0.0177EPSS

Cvelist•added 2018/04/05 7:0 p.m.•16 views

CVE-2017-2867

An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability...

9CVSS9.9AI score0.01895EPSS

NVD•added 2018/04/04 4:29 p.m.•13 views

CVE-2017-13276

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

7.8CVSS8.1AI score0.00373EPSS

NVD•added 2018/04/04 4:29 p.m.•10 views

CVE-2017-13282

In avrcctrlparsvendorrsp of avrcparsct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1,...

10CVSS9.5AI score0.01197EPSS

Prion•added 2018/04/04 4:29 p.m.•14 views

Stack overflow

In avrcparsbrowsingcmd of avrcparstg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1...

10CVSS9.2AI score0.01503EPSS

Prion•added 2018/04/04 4:29 p.m.•17 views

Stack overflow

6.8CVSS8AI score0.00373EPSS

Cvelist•added 2018/04/04 4:0 p.m.•13 views

CVE-2017-13281

9.5AI score0.01503EPSS

CVE•added 2018/04/04 4:0 p.m.•51 views

CVE-2017-13282

CVE-2017-13282 affects Android where in the function avrc_ctrl_pars_vendor_rsp (file avrc_pars_ct.cc) a missing bounds check can cause a stack buffer overflow. The flaw could allow remote code execution with no privileges or user interaction required, affecting Android versions 7.0, 7.1.1, 7.1.2,...

10CVSS9AI score0.01197EPSS

CVE•added 2018/04/04 4:0 p.m.•51 views

CVE-2017-13276

CVE-2017-13276 concerns a stack buffer overflow in the Android tpdec_asc.cpp module, specifically in the function CProgramConfig_ReadHeightExt, caused by a missing bounds check. This vulnerability could enable remote code execution with the attacker having no special privileges beyond a user on t...

7.8CVSS8.1AI score0.00373EPSS

Cvelist•added 2018/04/04 4:0 p.m.•14 views

CVE-2017-13276

8.1AI score0.00373EPSS

CVE•added 2018/04/04 4:0 p.m.•53 views

CVE-2017-13281

CVE-2017-13281 affects Android 8.0–8.1, where avrc_pars_browsing_cmd in avrc_pars_tg.cc can overflow a stack buffer due to an improper bounds check, enabling remote code execution without user interaction. Affected product: Android OS; vulnerable component: avrc_pars_browsing_cmd (in avrc_pars_tg...

10CVSS9AI score0.01503EPSS