461 matches found
CVE-2015-7547
CVE-2015-7547 refers to a stack-based buffer overflow in the GLIBC libresolv DNS resolver path, triggered by dual A/AAAA DNS queries in getaddrinfo. The vulnerability could allow remote code execution or crash the process when handling crafted DNS responses, with exploitation possible via the nss...
CVE-2017-17805
CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...
CVE-2017-13078
CVE-2017-13078 is part of the KRACK family impacting WPA2. A attacker in Wi‑Fi range could reinstall the GTK during the 4‑way handshake, replaying frames to clients. Apple addresses this via security updates (e.g., HT208221/HT208222) for macOS High Sierra/Sierra and related AirPort firmware; exac...
CVE-2017-13082
CVE-2017-13082 is one of the KRACK-class WPA2 flaws. Android/Arch/Debian/CentOS references describe an issue where a retransmitted FT Reassociation Request can reinstall the PTK during processing, enabling a nearby attacker to replay, decrypt, or spoof frames. Impact described across sources incl...
CVE-2009-1185
CVE-2009-1185 affects udev before 1.4.1, which does not verify NETLINK message origin from kernel space, enabling a local user to gain privileges by sending a crafted NETLINK message. Public references show PoC/exploit activity (e.g., Metasploit module, Exploit-DB entries) and multiple advisories...
CVE-2017-13087
CVE-2017-13087 affects WPA/WPA2 (WPA2) implementations in wpa_supplicant/wpa and is part of the KRACK family. The issue is a GTK reinstallation triggered when processing a Wireless Network Management Sleep Mode Response frame, allowing an attacker within radio range to replay frames between APs a...
CVE-2012-0444
CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across Mozilla ecosystem (Firefox, Thunderbird, Seamonkey and related XULRunner/Ice...
CVE-2013-0753
CVE-2013-0753 is a Use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...
CVE-2013-4002
CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...
CVE-2013-0758
CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...
CVE-2015-5300
CVE-2015-5300 (NTP panic-threshold bypass) is detailed in connected advisory from F5 for BIG-IP products, describing a vulnerability in ntpd where the threshold for the -g option is not correctly enforced. An attacker controlling NTP traffic could cause ntpd to step the clock to an arbitrary valu...
CVE-2015-8126
CVE-2015-8126 concerns libpng buffer overflows in png_set_PLTE and png_get_PLTE caused by improper bounds checks. Affected ranges include libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Exploitation via a small bit-...
CVE-2018-19542
CVE-2018-19542 affects JasPer 2.0.14. The vulnerability is a NULL pointer dereference in jp2_decode (libjasper/jp2/jp2_dec.c) that leads to a denial of service. The connected documents confirm the issue and cite unpatched status on several Red Hat releases (RHEL 6/7/8) via Nessus entries, but do ...
CVE-2017-13086
CVE-2017-13086 affects WPA/WPA2, specifically the TDLS handshake where the TDLS PeerKey (TPK) can be reinstalled. The root cause is key reinstallation during the TDLS handshake, enabling an attacker within radio range to replay, decrypt, or spoof frames. This vulnerability is documented across mu...
CVE-2017-13088
CVE-2017-13088 is part of the KRACK family affecting WPA/WPA2 (802.11) where reinstallation of the Integrity Group Temporal Key (IGTK) can occur while processing a Wireless Network Management Sleep Mode Response frame. The flaw enables an attacker within radio range to replay frames between APs a...
CVE-2011-1083
The CVE-2011-1083 issue affects the Linux kernel epoll implementation (epoll_ctl/epoll_create) as shipped in 2.6.37.2 and earlier. Local attackers can cause CPU denial of service by crafting a user-space application that creates and manages epoll file descriptors, exploiting improper traversal of...
CVE-2014-0502
CVE-2014-0502 is a double‑free vulnerability in Adobe Flash Player and related components that allows remote code execution. Affected products include Flash Player prior to 11.7.700.269 and 11.8.x up to 12.0.x before 12.0.0.70 on Windows/macOS, and before 11.2.202.341 on Linux, as well as Adobe A...
CVE-2013-1861
CVE-2013-1861 affects MariaDB SQL branches (5.5.x up to 5.5.30, 5.3.x up to 5.3.13, 5.2.x up to 5.2.15, 5.1.x up to 5.1.68) and Oracle MySQL (5.1.69 and earlier, 5.5.31 and earlier, 5.6.11 and earlier). The vulnerability allows remote DoS (crash) via a crafted geometry feature with a large number...
CVE-2014-0497
CVE-2014-0497 is an Adobe Flash Player integer underflow vulnerability affecting multiple platforms (Windows/macOS/Linux) that enables remote code execution via unspecified vectors. The initial description confirms the affected version ranges (pre-11.7.700.261/11.8.x–12.x pre-12.0.0.44 on Windows...
CVE-2018-18873
CVE-2018-18873 affects JasPer 2.0.14 with a NULL pointer dereference in ras_putdatastd (ras_enc.c), which can cause a crash. The Connected documents confirm the vulnerability and its presence in JasPer 2.0.14 but do not provide a specific patch version or remediation details in the supplied mater...
CVE-2012-5612
CVE-2012-5612 describes a heap-based buffer overflow in Oracle MySQL 5.5.19–5.5.28 and MariaDB 5.5.28a (and possibly other versions), enabling remote authenticated users to cause memory corruption, crash the server, and potentially execute arbitrary code. The vulnerability is exploited via a vari...
CVE-2010-5298
CVE-2010-5298 – OpenSSL race condition in ssl3_read_bytes (s3_pkt.c) . OpenSSL versions up to 1.0.1g are affected when SSL_MODE_RELEASE_BUFFERS is enabled, enabling a remote attacker to inject data across sessions or cause a denial of service (use-after-free and parsing error) over an SSL connect...
CVE-2017-17806
CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...
CVE-2011-4516
CVE-2011-4516 affects JasPer, specifically the heap-based buffer overflow in the function jpc_cox_getcompparms (libjasper/jpc/jpc_cs.c) within JasPer 1.900.1. A crafted value in a COD (coding style default) marker segment of a JPEG2000 file can cause remote code execution or memory corruption, po...
CVE-2010-4258
The CVE-2010-4258 issue affects the Linux kernel versions prior to 2.6.36.2. The do_exit function in kernel/exit.c mishandles a KERNEL_DS get_fs value, bypassing access_ok checks and enabling local privilege escalation by overwriting arbitrary kernel memory. Exploitation vectors include use of th...
CVE-2014-4943
CVE-2014-4943 affects the Linux kernel up to 3.15.6, specifically the PPPoL2TP feature in net/l2tp/l2tp_ppp.c. The vulnerability arises from data-structure differences between an l2tp socket and an inet socket, enabling local privilege escalation. Public details in connected sources include PoC/e...
CVE-2018-19539
CVE-2018-19539 (JasPer 2.0.14) : An access violation in libjasper/base/jas_image.c:jas_image_readcmpt can cause a denial of service. Affected component is jas_image_readcmpt in JasPer 2.0.14; root cause is an access violation leading to crash/DoS. Public remediation/fix details are not provided i...
CVE-2009-2698
CVE-2009-2698 affects the Linux kernel UDP implementation (net/ipv4/udp.c and net/ipv6/udp.c) prior to 2.6.19. Local users can gain privileges or cause a denial of service (NULL pointer dereference/system crash) via UDP socket use with MSG_MORE. Oracle Linux/MiracleLinux advisories reference this...
CVE-2012-5829
CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...
CVE-2018-10195
CVE-2018-10195 affects lrzsz prior to 0.12.21~rc. The issue stems from an incorrect length check in zsdata that can cause a size_t wraparound, potentially leaking information to the receiving side. Public sources consistently describe an information leak risk and, in distributions, a fix/update i...
CVE-2018-19541
CVE-2018-19541 : A heap-based buffer over-read of size 8 exists in the function jas_image_depalettize (libjasper/base/jas_image.c) in JasPer, affecting versions from 1.900.8 up to 2.0.16 listed in the Initial document. The vulnerability can cause a crash and may enable memory access issues. The C...
CVE-2012-1717
CVE-2012-1717 is an unspecified local confidentiality vulnerability in the Java Runtime Environment affecting Oracle JRE 7u4 and earlier, 6u32 and earlier, 5u35 and earlier, and 1.4.2_37 and earlier, related to printing on Solaris/Linux. Connected documents (including IBM BigInsights/InfoSphere a...
CVE-2015-7976
CVE-2015-7976 affects the ntpq saveconfig command in the NTP reference implementation (ntpd/ntpq) across multiple 4.x branches (e.g., 4.1.2, 4.2.x prior to 4.2.8p6, and 4.3.x). The underlying flaw is that saveconfig does not properly filter special characters in filenames, enabling an attacker to...
CVE-2022-27239
CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...
CVE-2014-0221
The CVE concerns OpenSSL: the function dtls1_get_message_fragment in d1_both.c is vulnerable to a DoS via an invalid DTLS handshake. Affected are OpenSSL binaries prior to 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. In practice, a remote attacker can trigger recursion and a client cras...
CVE-2011-4517
CVE-2011-4517 affects JasPer 1.900.1 used for JPEG-2000 decoding. The flaw is in libjasper/jpc/jpc_cs.c: jpc_crg_getparms uses an incorrect data type during a size calculation, enabling remote attackers to trigger a heap-based buffer overflow via a crafted CRG marker segment in a JPEG2000 file. C...
CVE-2014-9116
CVE-2014-9116 concerns the Mutt mail client. The description specifies that the write_one_header function in mutt 1.5.23 mishandles newline characters at the beginning of a header, allowing a remote attacker to cause a denial of service (crash) by sending a header with an empty body. This conditi...
CVE-2014-9584
CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...
CVE-2015-1781
CVE-2015-1781 affects the GNU C Library (glibc/eglibc) NSS gethostbyname_r and related functions. A misaligned input buffer can cause a buffer overflow, leading to a crash or potentially arbitrary code execution via crafted DNS responses. Public advisories (Debian, Cloud Foundry, CentOS/RH, CNVD)...
CVE-2016-5118
CVE-2016-5118 affects GraphicsMagick and ImageMagick: the OpenBlob handling accepts a leading ‘|’ pipe in a filename, enabling remote code execution. Connected advisories confirm the issue and note remediation by upgrading to at least GraphicsMagick 1.3.24 (and corresponding ImageMagick fixes) an...
CVE-2012-4186
CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...
CVE-2014-1490
CVE-2014-1490 : A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...
CVE-2018-19540
CVE-2018-19540 : In JasPer, there is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input (libjasper/base/jas_icc.c). Reported vulnerable versions include 1.900.8–1.900.31 and 2.0.0–2.0.16. The connected documents do not provide an explicit exploit path or patch details wit...
CVE-2012-2036
Adobe Flash Player and Adobe AIR are affected by multiple CVEs (CVE-2012-2034 to CVE-2012-2040) including an integer overflow and related memory corruption that could allow arbitrary code execution. The CVEs apply to various platforms: Windows, macOS, Linux, and Android, with Adobe AIR тоже affec...
CVE-2014-0198
The connected F5 advisory confirms CVE-2014-0198: the do_ssl3_write function in OpenSSL 1.x (up to 1.0.1g) with SSL_MODE_RELEASE_BUFFERS enabled can trigger a denial-of-service via a NULL pointer dereference in certain recursive alert paths. Impact is remote DoS; no exploitation details are provi...
CVE-2015-0272
CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...
CVE-2015-2734
CVE-2015-2734 details (mode C): The vulnerability affects Mozilla Firefox (Direct3D 9 implementation) in Windows builds prior to 39.0, Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1, and Thunderbird prior to 38.1. The underlying issue is reading data from uninitialized memory locations in ...
CVE-2009-0040
The CVE-2009-0040 issue affects the PNG reference library (libpng) as used in pngcrush and other apps. A crafted PNG can trigger a free of an uninitialized pointer in png_read_png, pCAL chunk handling, or 16-bit gamma table setup, enabling denial of service or possibly arbitrary code execution. A...
CVE-2015-8776
The CVE-2015-8776 issue affects the GNU C Library (glibc) strftime() function. The vulnerability, present in glibc versions before 2.23, allows context-dependent attackers to cause a denial of service (application crash) and, in some disclosures, potentially obtain sensitive information via out-o...
CVE-2012-2038
CVE-2012-2038 affects Adobe Flash Player across Windows, macOS, Linux, Android, and Adobe AIR before 3.3.0.3610. The issue allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Connected sources note that the Flash Player update to 11.2....