Max CVSS 10.0 Min CVSS 1.9 Total Count49
IDCVSSSummaryLast (major) updatePublished
CVE-2016-4449 5.8
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
11-05-2017 - 21:29 09-06-2016 - 12:59
CVE-2017-5969 2.6
** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing opti
18-04-2017 - 11:58 11-04-2017 - 12:59
CVE-2017-6832 4.3
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
13-04-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-6831 4.3
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
13-04-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-7578 6.8
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an
12-04-2017 - 10:45 07-04-2017 - 00:59
CVE-2017-6837 4.3
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
04-04-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-6829 4.3
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
30-03-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-6828 6.8
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.
30-03-2017 - 21:59 15-03-2017 - 10:59
CVE-2016-9264 4.3
Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
27-03-2017 - 12:41 23-03-2017 - 14:59
CVE-2016-9265 4.3
The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
27-03-2017 - 11:58 23-03-2017 - 14:59
CVE-2016-9266 4.3
listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.
27-03-2017 - 11:53 23-03-2017 - 14:59
CVE-2017-6838 4.3
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:09 20-03-2017 - 12:59
CVE-2017-6836 4.3
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:08 20-03-2017 - 12:59
CVE-2017-6835 4.3
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
22-03-2017 - 13:02 20-03-2017 - 12:59
CVE-2017-6834 4.3
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:02 20-03-2017 - 12:59
CVE-2017-6833 4.3
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
22-03-2017 - 13:01 20-03-2017 - 12:59
CVE-2017-6830 4.3
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:01 20-03-2017 - 12:59
CVE-2017-6839 4.3
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 10:40 20-03-2017 - 12:59
CVE-2017-6827 6.8
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.
17-03-2017 - 09:55 15-03-2017 - 10:59
CVE-2017-5579 4.9
Memory leak in the serial_exit_core function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug ope
16-03-2017 - 15:46 15-03-2017 - 11:59
CVE-2017-6543 6.0
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used t
13-03-2017 - 21:59 08-03-2017 - 18:59
CVE-2016-4448 10.0
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
28-02-2017 - 21:59 09-06-2016 - 12:59
CVE-2016-4447 5.0
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
28-02-2017 - 21:59 09-06-2016 - 12:59
CVE-2016-1840 6.8
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1839 6.8
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a craft
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1838 6.8
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1837 6.8
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remot
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1836 6.8
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1835 6.8
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1834 6.8
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-1833 6.8
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafte
28-02-2017 - 21:59 20-05-2016 - 06:59
CVE-2016-10087 5.0
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text c
28-02-2017 - 10:06 30-01-2017 - 17:59
CVE-2016-9831 6.8
Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-9829 6.8
Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-9828 4.3
The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-9827 4.3
The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2017-5845 5.0
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding t
13-02-2017 - 17:33 09-02-2017 - 10:59
CVE-2017-5840 5.0
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
13-02-2017 - 17:32 09-02-2017 - 10:59
CVE-2017-5841 5.0
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
13-02-2017 - 17:30 09-02-2017 - 10:59
CVE-2016-10198 4.3
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
13-02-2017 - 14:48 09-02-2017 - 10:59
CVE-2016-10199 5.0
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
13-02-2017 - 14:47 09-02-2017 - 10:59
CVE-2016-8667 1.9
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-1762 10.0
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
27-12-2016 - 21:59 23-03-2016 - 21:59
CVE-2016-9318 6.8
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to condu
29-11-2016 - 13:02 15-11-2016 - 19:59
CVE-2016-5131 6.8
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-4658 10.0
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2015-8540 9.3
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impa
28-11-2016 - 14:48 14-04-2016 - 10:59
CVE-2006-2369 7.5
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is ac
17-10-2016 - 23:39 15-05-2006 - 12:06
CVE-2006-2450 7.5
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue
11-11-2014 - 11:17 18-07-2006 - 11:40
Back to Top Mark selected
Back to Top