Total
2081 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15372 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2024-11-21 | N/A |
| There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | ||||
| CVE-2017-15118 | 3 Canonical, Qemu, Redhat | 4 Ubuntu Linux, Qemu, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. | ||||
| CVE-2017-15101 | 2 Liblouis, Redhat | 7 Liblouis, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2024-11-21 | N/A |
| A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution. | ||||
| CVE-2017-15088 | 1 Mit | 1 Kerberos 5 | 2024-11-21 | 9.8 Critical |
| plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat. | ||||
| CVE-2017-14493 | 5 Canonical, Debian, Opensuse and 2 more | 9 Ubuntu Linux, Debian Linux, Leap and 6 more | 2024-11-21 | N/A |
| Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | ||||
| CVE-2017-14265 | 1 Libraw | 1 Libraw | 2024-11-21 | N/A |
| A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | ||||
| CVE-2017-14041 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||||
| CVE-2017-14016 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | ||||
| CVE-2017-13999 | 1 We-con | 1 Levi Studio Hmi Editor | 2024-11-21 | N/A |
| A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code. | ||||
| CVE-2017-13742 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2024-11-21 | N/A |
| There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. | ||||
| CVE-2017-13740 | 2 Liblouis, Redhat | 2 Liblouis, Enterprise Linux | 2024-11-21 | N/A |
| There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. | ||||
| CVE-2017-13089 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Wget, Enterprise Linux | 2024-11-21 | N/A |
| The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. | ||||
| CVE-2017-12732 | 1 Ge | 1 Intelligent Platforms Proficy Hmi\/scada Cimplicity | 2024-11-21 | N/A |
| A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | ||||
| CVE-2017-12707 | 1 Spidercontrol | 1 Scada Microbrowser | 2024-11-21 | N/A |
| A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. | ||||
| CVE-2017-12706 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
| A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | ||||
| CVE-2017-12194 | 1 Spice-gtk Project | 1 Spice-gtk | 2024-11-21 | N/A |
| A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable. | ||||
| CVE-2017-12188 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 7.8 High |
| arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | ||||
| CVE-2017-11571 | 1 Fontforge | 1 Fontforge | 2024-11-21 | N/A |
| FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. | ||||
| CVE-2017-10971 | 1 X.org | 1 Xorg-server | 2024-11-21 | N/A |
| In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | ||||
| CVE-2017-10806 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.5 Medium |
| Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. | ||||