Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42186 | | | 2022-04-19 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2016-9042 | 4 Freebsd, Hpe, Ntp and 1 more | 5 Freebsd, Hpux-ntp, Ntp and 2 more | 2022-04-19 | 4.3 MEDIUM | 5.9 MEDIUM |
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition. | |||||
CVE-2016-8382 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability. | |||||
CVE-2016-9039 | 1 Joyent | 1 Smartos | 2022-04-19 | 4.9 MEDIUM | 5.5 MEDIUM |
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service. | |||||
CVE-2016-8706 | 1 Memcached | 1 Memcached | 2022-04-19 | 6.8 MEDIUM | 8.1 HIGH |
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | |||||
CVE-2016-8705 | 1 Memcached | 1 Memcached | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | |||||
CVE-2016-8704 | 1 Memcached | 1 Memcached | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | |||||
CVE-2016-8334 | 1 Foxitsoftware | 1 Reader | 2022-04-19 | 4.3 MEDIUM | 3.3 LOW |
A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. | |||||
CVE-2016-8335 | 1 Iceni | 1 Argus | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable stack-based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide a malicious pdf file to trigger this vulnerability. | |||||
CVE-2016-8333 | 1 Iceni | 1 Argus | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability. | |||||
CVE-2016-8331 | 1 Libtiff | 1 Libtiff | 2022-04-19 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. | |||||
CVE-2016-8332 | 1 Uclouvain | 1 Openjpeg | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. | |||||
CVE-2022-23703 | 1 Hpe | 1 Nimbleos | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 | |||||
CVE-2022-24383 | 1 Fujielectric | 2 Alpha5 Smart Loader, Alpha5 Smart Loader Firmware | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
The affected product is vulnerable to an out-of-bounds read, which may result in code execution. | |||||
CVE-2022-27261 | 1 Express-fileupload Project | 1 Express-fileupload | 2022-04-19 | 4.3 MEDIUM | 7.5 HIGH |
An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | |||||
CVE-2022-27262 | 1 Sailsjs | 1 Skipper | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-27263 | 1 Strapi | 1 Strapi | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2022-27841 | 1 Samsung | 1 Samsung Pass | 2022-04-19 | 1.9 LOW | 4.3 MEDIUM |
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows a physical attacker to view the screen that was previously running without authentication. | |||||
CVE-2022-27840 | 1 Samsung | 1 Recovery | 2022-04-19 | 3.6 LOW | 4.4 MEDIUM |
Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files with SamsungRecovery permission. | |||||
CVE-2017-2777 | 1 Iceni | 1 Argus | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send a file to trigger this vulnerability. |