Total
12607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-13719 | 1 Amcrest | 2 Ipm-721s, Ipm-721s Firmware | 2024-08-05 | N/A |
| The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encoded in the Authorization HTTP header. However, a missing length check in the code allows an attacker to send a string of 1024 characters in the password field, and allows an attacker to exploit a memory corruption issue. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 is dissected using the binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that has many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the HTTP API specification. If we open this binary in IDA Pro we will notice that this follows an ARM little-endian format. The function at address 00415364 in IDA Pro starts the HTTP authentication process. This function calls another function at sub_ 0042CCA0 at address 0041549C. This function performs a strchr operation after base64 decoding the credentials, and stores the result on the stack, which results in a stack-based buffer overflow. | ||||
| CVE-2017-13793 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2024-08-05 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | ||||
| CVE-2017-13739 | 1 Liblouis | 1 Liblouis | 2024-08-05 | N/A |
| There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. | ||||
| CVE-2017-13723 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-08-05 | N/A |
| In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | ||||
| CVE-2017-13730 | 1 Gnu | 1 Ncurses | 2024-08-05 | N/A |
| There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | ||||
| CVE-2017-13734 | 1 Gnu | 1 Ncurses | 2024-08-05 | N/A |
| There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13729 | 1 Gnu | 1 Ncurses | 2024-08-05 | N/A |
| There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | ||||
| CVE-2017-13684 | 1 Unisys | 1 Mcp-firmware | 2024-08-05 | N/A |
| Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | ||||
| CVE-2017-13134 | 1 Imagemagick | 1 Imagemagick | 2024-08-05 | N/A |
| In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2017-13140 | 1 Imagemagick | 1 Imagemagick | 2024-08-05 | N/A |
| In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. | ||||
| CVE-2017-13066 | 1 Graphicsmagick | 1 Graphicsmagick | 2024-08-05 | N/A |
| GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. | ||||
| CVE-2017-13063 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | ||||
| CVE-2017-13064 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2024-08-05 | N/A |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. | ||||
| CVE-2017-13011 | 2 Redhat, Tcpdump | 2 Enterprise Linux, Tcpdump | 2024-08-05 | N/A |
| Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). | ||||
| CVE-2017-12969 | 1 Avaya | 1 Ip Office Contact Center | 2024-08-05 | N/A |
| Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | ||||
| CVE-2017-12942 | 1 Rarlab | 1 Unrar | 2024-08-05 | N/A |
| libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | ||||
| CVE-2017-12983 | 1 Imagemagick | 1 Imagemagick | 2024-08-05 | N/A |
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-12982 | 1 Uclouvain | 1 Openjpeg | 2024-08-05 | 5.5 Medium |
| The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. | ||||
| CVE-2017-12919 | 1 Libfpx Project | 1 Libfpx | 2024-08-05 | N/A |
| Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | ||||
| CVE-2017-12911 | 1 Mp3gain | 1 Mp3gain | 2024-08-05 | N/A |
| The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. | ||||