Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2795 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 8.6 HIGH |
| An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-2792 | 1 Marklogic | 1 Marklogic | 2022-04-19 | 6.8 MEDIUM | 9.6 CRITICAL |
| An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability. | |||||
| CVE-2017-14452 | 1 Insteon | 2 Hub, Hub Firmware | 2022-04-19 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. | |||||
| CVE-2017-14455 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2022-04-19 | 9.0 HIGH | 8.8 HIGH |
| On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. | |||||
| CVE-2017-14453 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2022-04-19 | 9.0 HIGH | 8.8 HIGH |
| On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability. | |||||
| CVE-2017-14447 | 1 Insteon | 2 Hub, Hub Firmware | 2022-04-19 | 5.5 MEDIUM | 7.7 HIGH |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2017-12092 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. | |||||
| CVE-2017-2815 | 1 Igniterealtime | 1 User Import Export | 2022-04-19 | 5.5 MEDIUM | 8.1 HIGH |
| An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability. | |||||
| CVE-2017-2812 | 1 Kakadusoftware | 1 Kakadu Sdk | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise. | |||||
| CVE-2017-2811 | 1 Kakadusoftware | 1 Kakadu Sdk | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. | |||||
| CVE-2017-2804 | 1 Corel | 1 Coreldraw Photo Paint X8 | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. | |||||
| CVE-2017-2803 | 1 Corel | 1 Coreldraw Photo Paint X8 | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version. | |||||
| CVE-2017-14450 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2022-04-19 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | |||||
| CVE-2017-14449 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2017-12109 | 1 Libxls Project | 1 Libxls | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | |||||
| CVE-2017-12107 | 1 Pl32 | 1 Photoline | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability. | |||||
| CVE-2017-12087 | 1 Tinysvcmdns Project | 1 Tinysvcmdns | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability. | |||||
| CVE-2017-14459 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. | |||||
| CVE-2017-14473 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX. | |||||
| CVE-2017-14472 | 1 Rockwellautomation | 2 Micrologix 1400, Micrologix 1400 B Firmware | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password. | |||||