HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0.
A Unauthenticated Remote Denial of Service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.
A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.
A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30.
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found.
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption.
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue.
A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow.
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to remote buffer overflow in dbman leading to code execution. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.
Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call.
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.
The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147.
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds write) via a crafted response.
The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP servers to cause a denial of service (out-of-bounds read) via a crafted response.
The decode_search function in dhcp.c in dhcpcd 3.x does not properly free allocated memory, which allows remote DHCP servers to cause a denial of service via a crafted response.
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to an affected device with the goal of reaching the vulnerable section of the input buffer. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is specific to IPv6 traffic. IPv4 traffic is not affected.
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) implementation on Cisco ASR 5000 Packet Data Network Gateway devices before 19.4 allows remote attackers to cause a denial of service (Session Manager process restart) via a crafted GTPv1 packet, aka Bug ID CSCuz46198.
Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets.
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other impact via unknown vectors.
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.
Multiple heap-based buffer overflows in the eSap software platform in Huawei Campus S9300, S7700, S9700, S5300, S5700, S6300, and S6700 series switches; AR150, AR160, AR200, AR1200, AR2200, AR3200, AR530, NetEngine16EX, SRG1300, SRG2300, and SRG3300 series routers; and WLAN AC6005, AC6605, and ACU2 access controllers allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.
An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.