Vulnerabilities (CVE)

Filtered by CWE-119
Total 11861 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-3917 1 Samsung 2 Sth-eth-250, Sth-eth-250 Firmware 2023-02-04 9.0 HIGH 9.9 CRITICAL
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.
CVE-2018-3984 1 Atlantiswordprocessor 1 Atlantis Word Processor 2023-02-04 6.8 MEDIUM 7.8 HIGH
An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.
CVE-2018-19886 1 Audiocoding 1 Freeware Advanced Audio Coder 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.
CVE-2021-3598 3 Debian, Openexr, Redhat 3 Debian Linux, Openexr, Enterprise Linux 2023-02-03 2.1 LOW 5.5 MEDIUM
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2021-3605 3 Debian, Openexr, Redhat 3 Debian Linux, Openexr, Enterprise Linux 2023-02-03 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
CVE-2018-3951 1 Tp-link 2 Tl-r600vpn, Tl-r600vpn Firmware 2023-02-03 6.5 MEDIUM 7.2 HIGH
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.
CVE-2020-10757 7 Canonical, Debian, Fedoraproject and 4 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2023-02-02 6.9 MEDIUM 7.8 HIGH
A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to DAX-enabled storage to escalate their privileges on the system.
CVE-2018-10872 1 Redhat 4 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2023-02-02 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor does not deliver interrupts and exceptions; they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel, resulting in DoS. This CVE-2018-10872 was assigned due to regression of CVE-2018-8897 in Red Hat Enterprise Linux 6.10 GA kernel; no other versions are affected by this CVE.
CVE-2018-10932 1 Intel 1 Lldptool 2023-02-02 3.3 LOW 4.3 MEDIUM
lldptool can print a raw, unsanitized, attacker-controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
CVE-2016-4998 3 Canonical, Linux, Oracle 3 Ubuntu Linux, Linux Kernel, Linux 2023-02-02 5.6 MEDIUM 7.1 HIGH
An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root; however, some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments.
CVE-2017-7541 1 Linux 1 Linux Kernel 2023-02-02 7.2 HIGH 7.8 HIGH
Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.
CVE-2017-7506 1 Spice Project 1 Spice 2023-02-02 6.5 MEDIUM 8.8 HIGH
A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash.
CVE-2016-0795 2 Canonical, Libreoffice 2 Ubuntu Linux, Libreoffice 2023-02-02 9.3 HIGH 7.8 HIGH
Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-02 7.5 HIGH 9.8 CRITICAL
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
CVE-2016-1714 3 Oracle, Qemu, Redhat 3 Linux, Qemu, Openstack 2023-02-02 6.9 MEDIUM 8.1 HIGH
An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVE-2016-0749 5 Debian, Microsoft, Opensuse and 2 more 12 Debian Linux, Windows, Leap and 9 more 2023-02-02 10.0 HIGH 9.8 CRITICAL
A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process.
CVE-2016-0794 2 Canonical, Libreoffice 2 Ubuntu Linux, Libreoffice 2023-02-02 9.3 HIGH 7.8 HIGH
Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file.
CVE-2016-2857 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2023-02-02 3.6 LOW 8.4 HIGH
An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service).
CVE-2016-4447 8 Apple, Canonical, Debian and 5 more 12 Iphone Os, Itunes, Mac Os X and 9 more 2023-02-02 5.0 MEDIUM 7.5 HIGH
CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName
CVE-2015-5220 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2023-02-02 5.0 MEDIUM N/A
It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service.