VIR Vulnerability Intelligence Relay

Search

Found 2,415 results in 256ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-13028 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
CVE-2017-13027 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().
CVE-2017-13026 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.
CVE-2017-13025 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVE-2017-13024 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVE-2017-13023 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVE-2017-13022 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
CVE-2017-13021 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
CVE-2017-13020 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().
CVE-2017-13019 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
CVE-2017-13018 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
CVE-2017-13017 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
CVE-2017-13016 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
CVE-2017-13015 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().
CVE-2017-13014 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.
CVE-2017-13013 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
CVE-2017-13012 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2017-13011 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().
CVE-2017-13010 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
CVE-2017-13009 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().
CVE-2017-13008 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
CVE-2017-13007 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().
CVE-2017-13006 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
CVE-2017-13005 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().
CVE-2017-13004 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().
CVE-2017-13003 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print().
CVE-2017-13002 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
CVE-2017-13001 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
CVE-2017-13000 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().
CVE-2017-12999 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().
CVE-2017-12998 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().
CVE-2017-12997 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print().
CVE-2017-12996 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
CVE-2017-12995 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print().
CVE-2017-12994 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
CVE-2017-12993 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.
CVE-2017-12992 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
CVE-2017-12991 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
CVE-2017-12990 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.
CVE-2017-12988 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
CVE-2017-12987 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
CVE-2017-12986 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
CVE-2017-12985 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
CVE-2017-12902 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
CVE-2017-12901 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
CVE-2017-12900 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().
CVE-2017-12899 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
CVE-2017-12898 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
CVE-2017-12897 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
CVE-2017-12896 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
CVE-2017-12895 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
CVE-2017-12894 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
CVE-2017-12893 critical 9.8 9.8 FIX arch arch slesdebian debian tcpdump 9y ago The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
CVE-2017-11462 critical 9.8 9.8 FIX arch arch slesdebian debian mit 9y ago Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
CVE-2015-5206 critical 9.8 9.8 FIX debian debian apache 9y ago Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.
CVE-2015-5168 critical 9.8 9.8 FIX debian debian apache 9y ago Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
CVE-2017-14265 critical 9.8 9.8 FIX arch arch slesdebian debian libraw 9y ago A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
CVE-2017-14230 critical 9.1 9.1 FIX slesdebian debian cyrus 9y ago In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow re…
CVE-2015-3991 critical 9.8 9.8 FIX debian debian strongswan 9y ago strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
CVE-2017-14138 critical 9.8 9.8 FIX slesdebian debian imagemagick 9y ago ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
CVE-2017-14122 critical 9.1 9.1 FIX debian debian rarlab 9y ago unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
CVE-2017-14100 critical 9.8 9.8 FIX debian debian digium 9y ago In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. Th…
CVE-2017-12873 critical 9.8 9.8 FIX debian debian simplesamlphp 9y ago SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID genera…
CVE-2017-12868 critical 9.8 9.8 FIX debian debian simplesamlphpphp 9y ago The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypas…
CVE-2015-7700 critical 9.8 9.8 FIX debian debian pngcrush_project 9y ago Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-14064 critical 9.8 9.8 slesdebian debian rhel ruby-lang 9y ago Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which …
CVE-2017-14062 critical 9.8 9.8 FIX slesdebian debian gnu 9y ago Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2017-14061 critical 9.8 9.8 FIX debian debian gnu 9y ago Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2013-7426 critical 9.8 9.8 FIX debian debian kamailio 9y ago Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
CVE-2017-12865 critical 9.8 9.8 FIX debian debian intel 9y ago Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string pass…
CVE-2017-13715 critical 9.8 9.8 FIX slesdebian debian linux-kernel 9y ago The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a…
CVE-2017-0899 critical 9.8 9.8 FIX slesdebian debian rhel rubygems 9y ago RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape seque…
CVE-2017-8380 critical 9.8 9.8 FIX slesdebian debian qemu 9y ago Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-1430 critical 9.8 9.8 FIX debian debian xymon 9y ago Buffer overflow in xymon 4.3.17-1.
CVE-2014-9513 critical 9.8 9.8 debian debian debian 9y ago Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
CVE-2013-0870 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
CVE-2015-5224 critical 9.8 9.8 FIX slesdebian debian kernel 9y ago The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
CVE-2017-12858 critical 9.8 9.8 FIX arch arch slesdebian debian libzip 9y ago Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
CVE-2017-13139 critical 9.8 9.8 FIX slesdebian debianubuntu ubuntu imagemagick 9y ago In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk.
CVE-2007-5199 critical 9.8 9.8 FIX debian debian x 9y ago A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
CVE-2015-1817 critical 9.8 9.8 FIX debian debian musl-libc 9y ago Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-12942 critical 9.8 9.8 FIX slesdebian debian rarlab 9y ago libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
CVE-2017-12941 critical 9.8 9.8 FIX slesdebian debian rarlab 9y ago libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
CVE-2017-12940 critical 9.8 9.8 FIX slesdebian debian rarlab 9y ago libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
CVE-2017-7555 critical 9.8 9.8 FIX debian debian sles augeas 9y ago Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the applicatio…
CVE-2011-0469 critical 9.8 9.8 FIX debian debian 9y ago Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
CVE-2017-7551 critical 9.8 9.8 FIX debian debian fedoraproject 9y ago 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
CVE-2017-7546 critical 9.8 9.8 FIX arch arch slesdebian debian postgresql 9y ago PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
CVE-2017-9800 critical 9.8 9.8 FIX arch arch slesdebian debian apache 9y ago A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be ge…
CVE-2016-5018 critical 9.1 9.1 slesdebian debian rhel apachenetappredhat 9y ago Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
CVE-2017-12762 critical 9.8 9.8 FIX slesdebian debian linux-kernel 9y ago In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux …
CVE-2015-6816 critical 9.8 9.8 FIX debian debianfedora fedora ganglia 9y ago ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
CVE-2015-2311 critical 9.8 9.8 FIX debian debian capnproto 9y ago Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execut…
CVE-2015-2310 critical 9.1 9.1 FIX debian debian capnproto 9y ago Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory v…
CVE-2012-2781 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
CVE-2012-2780 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
CVE-2012-2778 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
CVE-2012-2773 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
CVE-2012-2771 critical 9.8 9.8 FIX debian debian ffmpeg 9y ago Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
CVE-2010-3845 critical 9.8 9.8 FIX debian debian apache_authenhook_project 9y ago libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.