Total
3886 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11003 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size. | ||||
| CVE-2017-1000409 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. | ||||
| CVE-2016-8620 | 2 Haxx, Redhat | 2 Curl, Rhel Software Collections | 2024-11-21 | N/A |
| The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | ||||
| CVE-2016-6559 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37. | ||||
| CVE-2016-2356 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | ||||
| CVE-2015-9382 | 3 Debian, Freetype, Redhat | 3 Debian Linux, Freetype, Enterprise Linux | 2024-11-21 | N/A |
| FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | ||||
| CVE-2015-9289 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. | ||||
| CVE-2015-8011 | 4 Debian, Fedoraproject, Lldpd Project and 1 more | 8 Debian Linux, Fedora, Lldpd and 5 more | 2024-11-21 | 9.8 Critical |
| Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | ||||
| CVE-2015-7890 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2024-11-21 | 5.5 Medium |
| Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. | ||||
| CVE-2015-7874 | 1 Portapps | 1 Kitty Portable | 2024-11-21 | 9.8 Critical |
| Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname. | ||||
| CVE-2015-6458 | 1 Moxa | 1 Softcms | 2024-11-21 | N/A |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | ||||
| CVE-2015-5745 | 3 Arista, Fedoraproject, Qemu | 3 Eos, Fedora, Qemu | 2024-11-21 | 6.5 Medium |
| Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message. | ||||
| CVE-2015-5684 | 1 Lenovo | 54 B50-10, B50-10 Firmware, Edge 15 and 51 more | 2024-11-21 | 9.8 Critical |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. | ||||
| CVE-2015-5524 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015). | ||||
| CVE-2015-2099 | 1 Webgateinc | 1 Control Center | 2024-11-21 | 8.8 High |
| Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control. | ||||
| CVE-2015-2098 | 1 Webgateinc | 1 Edvr Manager | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control. | ||||
| CVE-2015-10123 | 1 Wago | 10 750-352 Firmware, 750-829 Firmware, 750-831 Firmware and 7 more | 2024-11-21 | 8.8 High |
| An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device. | ||||
| CVE-2015-10065 | 1 Find Project | 1 Find | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability. | ||||
| CVE-2015-0243 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 8.8 High |
| Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-0241 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2024-11-21 | 8.8 High |
| The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | ||||