213680 matches found
Privilege escalation
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...
Heap overflow
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the maxframesize setting instead of being checked against the bufsize. The maxframesize only applies to outgoing traffic and not to incoming, so if a large enough frame size is advertised in the...
Race condition
A vulnerability in the Secure Sockets Layer SSL packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a...
Security feature bypass
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery...
Design/Logic Flaw
The xzdecomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035...
Design/Logic Flaw
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory...
Information disclosure
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way...
Null pointer dereference
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact because the port-exists value can change after it is validated...
Input validation
In Max Secure Anti Virus 19.0.3.019,, the driver file MaxProtector32.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x220009...
Code injection
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
Null pointer dereference
In the Linux kernel through 4.14.13, the rdscmsgatomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rdsatomicfreeop NULL pointer dereference...
Remote code execution
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797...
Integer overflow
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gifgetlzw function resulting in memory corruption and potential code execution...
Design/Logic Flaw
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface...
Design/Logic Flaw
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...
Design/Logic Flaw
The dccpdisconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service use-after-free via an AFUNSPEC connect system call during the DCCPLISTEN state...
Design/Logic Flaw
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service infinite loop and host OS hang by leveraging the mishandling of Populate on Demand PoD errors...
Privilege escalation
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE...
Design/Logic Flaw
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur...
Design/Logic Flaw
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...
Null pointer dereference
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of addkey for a key that already exists but is uninstantiated, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted system call...
Remote code execution
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly...
Cross site scripting
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting XSS vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka...
Null pointer dereference
readformattedentries in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted ELF file...
Code injection
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's 0xffffffffffffffff in 64 bit platforms, making dnsmasq crash...
Code injection
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available...
Information disclosure
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...
Buffer overflow
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine...
Design/Logic Flaw
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not , which might allow remote attackers to obtain the value of generated MD5...
Input validation
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, tdimagelength is not checked. The value of tdimagelength can be directly controlled by an input file. In the...
Cross site scripting
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...
Design/Logic Flaw
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale...
Code injection
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...
Memory corruption
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...
Design/Logic Flaw
glibc contains a vulnerability that allows specially crafted LDLIBRARYPATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap...
Design/Logic Flaw
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes...
Design/Logic Flaw
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...
Remote code execution
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234,...
Remote code execution
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265...
Remote code execution
The Microsoft Server Message Block 1.0 SMBv1 server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it...
Design/Logic Flaw
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using -CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS...
Null pointer dereference
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and...
Design/Logic Flaw
Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...
Buffer overflow
Multiple vulnerabilities in the EnergyWise module of Cisco IOS 12.2 and 15.0 through 15.6 and Cisco IOS XE 3.2 through 3.18 could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service DoS condition. These...
Input validation
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox...
Buffer overflow
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: http://" in a PROPFIND request, as exploited in the wild ...
Code injection
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service out-of-memory error and crash via a crafted OpenPGP certificate...
Directory traversal
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...
Memory corruption
Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."...
Information disclosure
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0091, CVE-2017-0092, CVE-2017-0111,...