Total
11483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14362 | 5 Canonical, Debian, Mutt and 2 more | 10 Ubuntu Linux, Debian Linux, Mutt and 7 more | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | |||||
| CVE-2011-2806 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-05-19 | 10.0 HIGH | N/A |
| Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2017-17833 | 5 Canonical, Debian, Lenovo and 2 more | 61 Ubuntu Linux, Debian Linux, Bm Nextscale Fan Power Controller and 58 more | 2020-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability. | |||||
| CVE-2016-4439 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or potentially execute arbitrary code on the QEMU host via unspecified vectors. | |||||
| CVE-2016-4441 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 2.1 LOW | 6.0 MEDIUM |
| The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check DMA length, which allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via unspecified vectors, involving an SCSI command. | |||||
| CVE-2016-4454 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-05-14 | 3.6 LOW | 6.0 MEDIUM |
| The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash) by changing FIFO registers and issuing a VGA command, which triggers an out-of-bounds read. | |||||
| CVE-2017-14199 | 1 Zephyrproject | 1 Zephyr | 2020-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0. | |||||
| CVE-2017-14202 | 1 Zephyrproject | 1 Zephyr | 2020-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | |||||
| CVE-2013-7260 | 1 Realnetworks | 1 Realplayer | 2020-05-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. | |||||
| CVE-2011-3873 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2011-2881 | 1 Google | 1 Chrome | 2020-05-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2011-3894 | 1 Google | 1 Chrome | 2020-05-08 | 7.5 HIGH | N/A |
| Google Chrome before 15.0.874.120 does not properly perform VP8 decoding, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted stream. | |||||
| CVE-2011-3909 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-07 | 5.0 MEDIUM | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2017-8798 | 1 Miniupnp Project | 1 Miniupnpd | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |||||
| CVE-2016-10375 | 1 Yodl Project | 1 Yodl | 2020-04-30 | 7.5 HIGH | 9.8 CRITICAL |
| Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. | |||||
| CVE-2020-3273 | 1 Cisco | 4 5508 Wireless Controller, 5508 Wireless Controller Firmware, 5520 Wireless Controller and 1 more | 2020-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). The vulnerability is due to incomplete input validation of the 802.11 GAS frames that are processed by an affected device. An attacker could exploit this vulnerability by sending a crafted 802.11 GAS frame over the air to an access point (AP), and that frame would then be relayed to the affected WLC. Also, an attacker with Layer 3 connectivity to the WLC could exploit this vulnerability by sending a malicious 802.11 GAS payload in a Control and Provisioning of Wireless Access Points (CAPWAP) packet to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS. | |||||
| CVE-2016-7567 | 1 Openslp | 1 Openslp | 2020-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | |||||
| CVE-2017-6193 | 1 Apng Disassembler Project | 1 Apng Disassembler | 2020-04-29 | 6.8 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk. | |||||
| CVE-2017-6192 | 1 Apng Disassembler Project | 1 Apng Disassembler | 2020-04-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor. | |||||
| CVE-2017-8364 | 1 Rzip Project | 1 Rzip | 2020-04-26 | 6.8 MEDIUM | 7.8 HIGH |
| The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | |||||