| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. |
| Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). |
| IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458. |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. |
| GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. |
| GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. |
| The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. |
| The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. |
| IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. |
| Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. |
| Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability". |
| Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. |
| There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. |
| There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. |
| There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. |
| There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. |
| There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. |
| There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. |
| There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. |
