Total
54925 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2906 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | ||||
| CVE-2017-2905 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2904 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2903 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2902 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2901 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2900 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2899 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-11-21 | 7.8 High |
| An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | ||||
| CVE-2017-2898 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-11-21 | 7.5 High |
| An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. | ||||
| CVE-2017-2897 | 1 Libxls Project | 1 Libxls | 2024-11-21 | 7.8 High |
| An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | ||||
| CVE-2017-2896 | 2 Debian, Libxls Project | 2 Debian Linux, Libxls | 2024-11-21 | 7.8 High |
| An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | ||||
| CVE-2017-2895 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 8.2 High |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | ||||
| CVE-2017-2893 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 7.5 High |
| An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | ||||
| CVE-2017-2890 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-11-21 | 8.8 High |
| An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. | ||||
| CVE-2017-2889 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-11-21 | 7.5 High |
| An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | ||||
| CVE-2017-2888 | 3 Canonical, Debian, Libsdl | 3 Ubuntu Linux, Debian Linux, Simple Directmedia Layer | 2024-11-21 | 8.8 High |
| An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | ||||
| CVE-2017-2887 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2024-11-21 | 8.8 High |
| An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. | ||||
| CVE-2017-2886 | 1 Acdsee | 1 Ultimate | 2024-11-21 | 7.8 High |
| A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. | ||||
| CVE-2017-2884 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-11-21 | 7.5 High |
| An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | ||||
| CVE-2017-2883 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-11-21 | 8.1 High |
| An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | ||||