Critical · CVSS 9.8
The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
Published Sep 14, 2017 · Updated Dec 4, 2025
Medium · CVSS 6.1
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
Published Jul 31, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
Critical · CVSS 9.8
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
Published Sep 14, 2017 · Updated Dec 4, 2025
High · CVSS 8.8
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Published Feb 7, 2018 · Updated Dec 3, 2025
Critical · CVSS 9.1
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
Published May 1, 2017 · Updated Dec 3, 2025
Critical · CVSS 9.8
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Published Feb 19, 2018 · Updated Dec 3, 2025
High · CVSS 7.5
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
Published Jun 8, 2017 · Updated Dec 3, 2025
High · CVSS 7.5
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
Published Jun 8, 2017 · Updated Dec 3, 2025
Critical · CVSS 9.2
Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When `ParseKeyValue` processes a collisionpair rule longer than the destination buffer (256 bytes), an overflow of the stack buffer `szToken` can occur and overwrite the function return address. A remote attacker can trigger the vulnerable code by supplying a specially crafted ragdoll model which causes the oversized collisionpair rule to be parsed, resulting in remote code execution on affected clients or servers. Valve has addressed this issue in many of their Source games, but independently-developed games must manually apply patch.
Published Oct 15, 2025 · Updated Nov 21, 2025
Critical · CVSS 9.3
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT record for a month‑generated domain. After receiving a decryption key, it then downloads and executes arbitrary code, creates an encrypted virtual file system (VFS) in the registry, and grants the attacker full remote code execution, data exfiltration, and persistence. NetSarang released builds for each product line that remediated the compromise: Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224. Kaspersky Lab identified an instance of exploitation in the wild in August 2017.
Published Oct 9, 2025 · Updated Nov 21, 2025
Critical · CVSS 9.3
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at runtime, and transfers execution to an in-memory payload. The payload performs anti-analysis checks, gathers host telemetry, encodes the data with a two-stage obfuscation, and attempts HTTPS exfiltration to hard-coded C2 servers or month-based DGA domains. Potential impacts include remote data collection and exfiltration, stealthy in-memory execution and persistence, and potential lateral movement. CCleaner was developed by Piriform, which was acquired by Avast in July 2017; Avast later merged with NortonLifeLock to form the parent company now known as Gen Digital. According to vendor advisories, the compromised CCleaner build was released on August 15, 2017 and remediated on September 12, 2017 with v5.34; the compromised CCleaner Cloud build was released on August 24, 2017 and remediated on September 15, 2017 with v1.07.3214.
Published Oct 8, 2025 · Updated Nov 21, 2025
Medium · CVSS 5.1
Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published Oct 30, 2025 · Updated Nov 17, 2025
High · CVSS 8.6
UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file).
Published Nov 12, 2025 · Updated Nov 13, 2025
Critical · CVSS 9.8
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
Published Nov 11, 2025 · Updated Nov 13, 2025
Unknown · CVSS Not scored
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Published Sep 18, 2017 · Updated Nov 4, 2025
Unknown · CVSS Not scored
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Published Jun 20, 2017 · Updated Nov 4, 2025
Medium · CVSS 6.6
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
Published Apr 20, 2017 · Updated Nov 3, 2025
Unknown · CVSS Not scored
The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Published Apr 3, 2017 · Updated Nov 3, 2025
Critical · CVSS 9.8
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.
Published Jan 22, 2024 · Updated Nov 3, 2025
Medium · CVSS 4.3
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451.
Published Jan 5, 2023 · Updated Nov 3, 2025