Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 104663 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2017-11571 FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. MEDIUM Jul 23, 2017 n/a
CVE-2017-11570 FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. MEDIUM Jul 23, 2017 n/a
CVE-2017-11569 FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file. MEDIUM Jul 23, 2017 n/a
CVE-2017-11568 FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. MEDIUM Jul 23, 2017 n/a
CVE-2017-11567 Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. MEDIUM Sep 8, 2017 n/a
CVE-2017-11566 AppUse 4.0 allows shell command injection via a proxy field. HIGH Jul 25, 2017 n/a
CVE-2017-11565 debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script). MEDIUM Jul 23, 2017 n/a
CVE-2017-11564 The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack. HIGH Aug 24, 2018 n/a
CVE-2017-11563 D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP Discover service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device. HIGH Aug 24, 2018 n/a
CVE-2017-11562 A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. MEDIUM Dec 18, 2017 n/a
CVE-2017-11561 An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the \"Group Chat\" or \"Alarm\" section. This functionality can be abused by a malicious user by uploading a web shell. MEDIUM May 24, 2019 n/a
CVE-2017-11560 An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application. LOW May 24, 2019 n/a
CVE-2017-11559 An issue was discovered in ZOHO ManageEngine OpManager 12.2. The \'apiKey\' parameter of \"/api/json/admin/getmailserversettings\" and \"/api/json/dashboard/gotoverviewlist\" is vulnerable to a Blind SQL Injection attack. MEDIUM May 24, 2019 n/a
CVE-2017-11557 An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company\'s network environment via a userconfiguration.do?method=editUser request. MEDIUM May 24, 2019 n/a
CVE-2017-11556 There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. MEDIUM Jul 22, 2017 n/a
CVE-2017-11555 There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. MEDIUM Jul 22, 2017 n/a
CVE-2017-11554 There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. MEDIUM Jul 22, 2017 n/a
CVE-2017-11553 There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. MEDIUM Jul 22, 2017 n/a
CVE-2017-11552 The mad_decoder_run function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. Medium Aug 8, 2017 n/a
CVE-2017-11551 The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. Medium Aug 2, 2017 n/a
CVE-2017-11550 The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file. Medium Aug 2, 2017 n/a
CVE-2017-11549 The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option. High Aug 3, 2017 n/a
CVE-2017-11548 The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. Medium Aug 2, 2017 n/a
CVE-2017-11547 The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation. Medium Aug 3, 2017 n/a
CVE-2017-11546 The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. Medium Aug 3, 2017 n/a
CVE-2017-11545 tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. MEDIUM Jul 22, 2017 n/a
CVE-2017-11544 tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. MEDIUM Jul 22, 2017 n/a
CVE-2017-11543 tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. HIGH Jul 22, 2017 n/a
CVE-2017-11542 tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. HIGH Jul 22, 2017 n/a
CVE-2017-11541 tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. HIGH Jul 22, 2017 n/a
CVE-2017-11540 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11539 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11538 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11537 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. MEDIUM Jul 22, 2017 n/a
CVE-2017-11536 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11535 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11534 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11533 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11532 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11531 When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. MEDIUM Jul 22, 2017 n/a
CVE-2017-11530 The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. HIGH Jul 22, 2017 n/a
CVE-2017-11529 The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. MEDIUM Jul 22, 2017 n/a
CVE-2017-11528 The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. MEDIUM Jul 22, 2017 n/a
CVE-2017-11527 The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. HIGH Jul 22, 2017 n/a
CVE-2017-11526 The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. HIGH Jul 22, 2017 n/a
CVE-2017-11525 The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. HIGH Jul 22, 2017 n/a
CVE-2017-11524 The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. MEDIUM Jul 22, 2017 n/a
CVE-2017-11523 The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. HIGH Jul 22, 2017 n/a
CVE-2017-11522 The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. MEDIUM Jul 22, 2017 n/a
CVE-2017-11521 The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. MEDIUM Jul 22, 2017 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online