ID CVSS Summary Last (major) update Published
CVE-2017-5545 None
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
21-01-2017 - 01:59 21-01-2017 - 01:59
CVE-2016-9436 4.3
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-9435 4.3
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-6253 7.2
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-5323 5.0
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-5321 4.3
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-5319 4.3
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-5318 4.3
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-5317 4.3
Buffer overflow in the PixarLogDecode function in libtiff.so in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2016-5316 4.3
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2014-9755 5.0
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attac
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2014-9754 4.3
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2014-2045 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and 'new' interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an accoun
20-01-2017 - 15:59 20-01-2017 - 15:59
CVE-2017-5543 7.5
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2017-5542 4.3
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2017-5541 5.0
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2017-2578 4.3
In Moodle 3.x, there is XSS in the assignment submission page.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2017-2576 5.0
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-8644 5.0
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-8643 4.0
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-8642 5.0
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-7038 5.0
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-5014 5.8
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-5013 5.8
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-5012 5.0
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-10143 5.0
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
20-01-2017 - 08:59 20-01-2017 - 08:59
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
19-01-2017 - 22:59 19-01-2017 - 22:59
CVE-2016-9016 7.2
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2016-7794 7.5
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2016-7793 6.8
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2016-7545 7.2
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2016-7543 7.2
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2016-10075 4.6
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2015-8212 7.5
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.
19-01-2017 - 20:59 19-01-2017 - 20:59
CVE-2016-9650 4.3
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5226 4.3
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascri
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5225 4.3
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5224 4.3
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5223 4.3
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5222 4.3
Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5221 6.8
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5220 4.3
PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5219 6.8
A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5218 4.3
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar)
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5217 4.3
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5216 6.8
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5215 6.8
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5214 4.3
Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5213 6.8
A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59
CVE-2016-5212 4.3
Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.
19-01-2017 - 05:59 19-01-2017 - 05:59