An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Max CVSS
9.8
EPSS Score
0.94%
Published
2017-02-27
Updated
2018-08-13
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Max CVSS
9.8
EPSS Score
0.94%
Published
2017-02-27
Updated
2018-08-13
XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.
Max CVSS
5.9
EPSS Score
0.12%
Published
2017-02-27
Updated
2017-03-02
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117.
Max CVSS
9.3
EPSS Score
31.26%
Published
2017-02-27
Updated
2019-10-03
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117.
Max CVSS
10.0
EPSS Score
0.33%
Published
2017-02-27
Updated
2019-10-03
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.
Max CVSS
5.9
EPSS Score
0.48%
Published
2017-02-27
Updated
2019-10-03
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-03-13
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-03-13
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-03-13
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
Max CVSS
7.8
EPSS Score
0.27%
Published
2017-02-24
Updated
2019-03-13
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
Max CVSS
7.8
EPSS Score
0.27%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
Max CVSS
7.8
EPSS Score
0.27%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
Max CVSS
7.8
EPSS Score
0.06%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."
Max CVSS
7.8
EPSS Score
0.25%
Published
2017-02-24
Updated
2019-05-18
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."
Max CVSS
5.5
EPSS Score
0.21%
Published
2017-02-24
Updated
2019-10-03
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
Max CVSS
7.8
EPSS Score
0.27%
Published
2017-02-24
Updated
2019-05-18
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
Max CVSS
5.9
EPSS Score
0.17%
Published
2017-02-27
Updated
2019-10-03
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
Max CVSS
7.5
EPSS Score
4.20%
Published
2017-02-23
Updated
2019-10-03
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.
Max CVSS
7.5
EPSS Score
33.55%
Published
2017-02-23
Updated
2017-08-16
D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.27%
Published
2017-02-23
Updated
2019-10-03
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
Max CVSS
5.5
EPSS Score
0.85%
Published
2017-02-24
Updated
2017-03-02
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.
Max CVSS
7.8
EPSS Score
0.75%
Published
2017-02-24
Updated
2017-08-22
1041 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!