Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0796 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2022-04-22 | 7.5 HIGH | 10.0 CRITICAL |
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | |||||
| CVE-2021-44503 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault. | |||||
| CVE-2020-8703 | 3 Intel, Netapp, Siemens | 368 B150, B250, B360 and 365 more | 2022-04-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-44499 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow. | |||||
| CVE-2021-44496 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution. | |||||
| CVE-2022-24788 | 1 Vyper Project | 1 Vyper | 2022-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2016-8332 | 1 Uclouvain | 1 Openjpeg | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. | |||||
| CVE-2016-8335 | 1 Iceni | 1 Argus | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability. | |||||
| CVE-2016-8333 | 1 Iceni | 1 Argus | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability. | |||||
| CVE-2016-8382 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability. | |||||
| CVE-2017-2792 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 9.6 CRITICAL |
| An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. | |||||
| CVE-2017-2818 | 1 Freedesktop | 1 Poppler | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. | |||||
| CVE-2017-2793 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-12087 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability. | |||||
| CVE-2017-14455 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2022-04-19 | 9.0 HIGH | 8.8 HIGH |
| On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. | |||||
| CVE-2017-2794 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability. | |||||
| CVE-2017-14447 | 1 Insteon | 2 Hub, Hub Firmware | 2022-04-19 | 5.5 MEDIUM | 7.7 HIGH |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2017-2790 | 1 Justsystems | 1 Ichitaro | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application. | |||||
| CVE-2017-2797 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | |||||
| CVE-2017-2787 | 1 Pharos | 1 Popup | 2022-04-19 | 9.3 HIGH | 9.0 CRITICAL |
| A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit. | |||||