Users login

Create an account »

JOIN XATRIX

Users login

Home » CVE vulnerabilities

CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.
Page: 123456 out of 2849

CVE-2017-8403 | May 01, 2017
360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8401 | May 01, 2017
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8400 | May 01, 2017
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8399 | May 01, 2017
PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8398 | May 01, 2017
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8397 | May 01, 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8396 | May 01, 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8395 | May 01, 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8394 | May 01, 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8393 | May 01, 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8392 | May 01, 2017
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8388 | May 01, 2017
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8385 | May 01, 2017
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8384 | May 01, 2017
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8383 | May 01, 2017
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8377 | May 01, 2017
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8376 | May 01, 2017
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6565 | May 01, 2017
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6564 | May 01, 2017
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6128 | May 01, 2017
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-5631 | May 01, 2017
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8378 | April 30, 2017
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8374 | April 30, 2017
The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8373 | April 30, 2017
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-8372 | April 30, 2017
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

Page: 123456 out of 2849

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »