#c++

CVE-2017-18005: CVE-2017-18005: NULL Pointer Dereference while extracting metadata of a malformed tiff · Issue #168 · Exiv2/exiv2

Exiv2 0.26 has a Null Pointer Dereference in the Exiv2::DataValue::toLong function in value.cpp, related to crafted metadata in a TIFF file.

7 years ago

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

7 years ago

CVE

Open in Source

#vulnerability #ios #mac #google #linux #git #intel #c++#perl #samba #pdf #vmware #bios #buffer_overflow #acer #auth #xiaomi #ibm #rpm

CVE-2017-17669: CVE-2017-17669: heap-buffer-overflow in Exiv2::Internal::PngChunk::keyTXTChunk · Issue #187 · Exiv2/exiv2

There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

7 years ago

CVE

Open in Source

#vulnerability #dos #git #c++#auth

CVE-2017-5711: Security Center

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

7 years ago

CVE

Open in Source

#xss #vulnerability #web #ios #android #mac #windows #microsoft #linux #dos #apache #git #intel #c++#rce #vmware #log4j #bios #buffer_overflow #auth #chrome #firefox #wifi #ssl

CVE-2017-2896: TALOS-2017-0403 || Cisco Talos Intelligence Group

An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

7 years ago

CVE

Open in Source

#vulnerability #mac #windows #microsoft #linux #cisco #intel #c++#rce

CVE-2017-8807: bugfix : coredump causes by memcpy in vbf_stp_error by shamger · Pull Request #2429 · varnishcache/varnish-cache

vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects.

7 years ago

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

7 years ago

CVE

Open in Source

#mac #linux #c++#perl #auth #ssh #ssl

CVE-2017-2816: TALOS-2017-0317 || Cisco Talos Intelligence Group

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.

7 years ago

CVE

Open in Source

#vulnerability #linux #cisco #git #intel #c++#buffer_overflow

CVE-2017-14416: Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.

7 years ago

CVE

Open in Source