Total
2039 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15088 | 1 Mit | 1 Kerberos 5 | 2024-08-05 | 9.8 Critical |
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. | ||||
CVE-2017-14493 | 5 Canonical, Debian, Opensuse and 2 more | 9 Ubuntu Linux, Debian Linux, Leap and 6 more | 2024-08-05 | N/A |
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | ||||
CVE-2017-14265 | 1 Libraw | 1 Libraw | 2024-08-05 | N/A |
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | ||||
CVE-2017-14041 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-08-05 | 8.8 High |
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||||
CVE-2017-14016 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | ||||
CVE-2017-13999 | 1 We-con | 1 Levi Studio Hmi Editor | 2024-08-05 | N/A |
A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code. | ||||
CVE-2017-13740 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2024-08-05 | N/A |
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. | ||||
CVE-2017-13742 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2024-08-05 | N/A |
There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. | ||||
CVE-2024-28573 | 2024-08-05 | 6.2 Medium | ||
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. | ||||
CVE-2017-12732 | 1 Ge | 1 Intelligent Platforms Proficy Hmi\/scada Cimplicity | 2024-08-05 | N/A |
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | ||||
CVE-2017-12707 | 1 Spidercontrol | 1 Scada Microbrowser | 2024-08-05 | N/A |
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. | ||||
CVE-2017-12706 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | ||||
CVE-2017-12188 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-05 | 7.8 High |
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | ||||
CVE-2017-12194 | 1 Spice-gtk Project | 1 Spice-gtk | 2024-08-05 | N/A |
A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. | ||||
CVE-2017-11571 | 1 Fontforge | 1 Fontforge | 2024-08-05 | N/A |
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. | ||||
CVE-2017-10971 | 1 X.org | 1 Xorg-server | 2024-08-05 | N/A |
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | ||||
CVE-2017-10806 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-08-05 | 5.5 Medium |
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. | ||||
CVE-2017-10684 | 1 Gnu | 1 Ncurses | 2024-08-05 | N/A |
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | ||||
CVE-2017-9865 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-05 | N/A |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. | ||||
CVE-2017-9871 | 1 Lame Project | 1 Lame | 2024-08-05 | N/A |
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. |