Max CVSS 10.0 Min CVSS 1.8 Total Count835
IDCVSSSummaryLast (major) updatePublished
CVE-2016-8654 6.8
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
01-08-2018 - 12:29 01-08-2018 - 12:29
CVE-2018-8281 9.3
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2017-5469 7.5
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5465 6.4
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5464 7.5
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firef
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5462 5.0
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5460 7.5
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5459 7.5
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5448 7.5
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerabil
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5447 6.4
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5446 7.5
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5445 5.0
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5444 5.0
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5443 7.5
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5442 7.5
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5441 7.5
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5440 7.5
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. T
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5439 7.5
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 5
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5438 7.5
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5436 6.8
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5435 7.5
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5434 7.5
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5433 7.5
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5432 7.5
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5429 7.5
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrar
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9591 4.3
JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.
09-03-2018 - 15:29 09-03-2018 - 15:29
CVE-2015-5377 7.5
** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability.
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2016-6814 7.5
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
18-01-2018 - 13:29 18-01-2018 - 13:29
CVE-2016-1254 5.0
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
05-12-2017 - 11:29 05-12-2017 - 11:29
CVE-2017-16943 7.5
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
25-11-2017 - 12:29 25-11-2017 - 12:29
CVE-2017-3157 4.3
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections
20-11-2017 - 15:29 20-11-2017 - 15:29
CVE-2017-5637 5.0
Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3
09-10-2017 - 21:30 09-10-2017 - 21:30
CVE-2017-7650 4.0
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be
11-09-2017 - 12:29 11-09-2017 - 12:29
CVE-2014-9497 5.0
Buffer overflow in mpg123 before 1.18.0.
29-08-2017 - 16:29 29-08-2017 - 16:29
CVE-2017-5208 6.8
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of executi
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2016-6796 5.0
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for t
10-08-2017 - 22:29 10-08-2017 - 22:29
CVE-2016-6797 5.0
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked
10-08-2017 - 18:29 10-08-2017 - 18:29
CVE-2016-6794 5.0
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2016-5018 5.0
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applica
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2016-0762 4.3
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attac
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2017-1000381 5.0
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
07-07-2017 - 13:29 07-07-2017 - 13:29
CVE-2017-5361 4.3
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing s
03-07-2017 - 12:29 03-07-2017 - 12:29
CVE-2017-7520 4.0
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.
27-06-2017 - 09:29 27-06-2017 - 09:29
CVE-2017-6892 6.8
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.
12-06-2017 - 12:29 12-06-2017 - 12:29
CVE-2017-0376 5.0
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
09-06-2017 - 13:29 09-06-2017 - 13:29
CVE-2016-4473 7.5
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
08-06-2017 - 16:29 08-06-2017 - 16:29
CVE-2017-9023 4.3
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
08-06-2017 - 12:29 08-06-2017 - 12:29
CVE-2017-9022 5.0
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
08-06-2017 - 12:29 08-06-2017 - 12:29
CVE-2015-8538 4.3
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
07-06-2017 - 16:29 07-06-2017 - 16:29
CVE-2016-9961 10.0
game-music-emu before 0.6.1 mishandles unspecified integer values.
06-06-2017 - 14:29 06-06-2017 - 14:29
CVE-2016-9960 2.1
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
06-06-2017 - 14:29 06-06-2017 - 14:29
CVE-2017-5664 5.0
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request
06-06-2017 - 10:29 06-06-2017 - 10:29
CVE-2017-1000367 6.9
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
05-06-2017 - 10:29 05-06-2017 - 10:29
CVE-2017-8782 4.3
The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to
31-05-2017 - 00:29 31-05-2017 - 00:29
CVE-2017-7502 5.0
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
30-05-2017 - 14:29 30-05-2017 - 14:29
CVE-2017-9287 4.0
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
29-05-2017 - 12:29 29-05-2017 - 12:29
CVE-2016-10376 3.5
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2015-9059 10.0
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.
27-05-2017 - 20:29 27-05-2017 - 20:29
CVE-2017-9239 4.3
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentatio
26-05-2017 - 06:29 26-05-2017 - 06:29
CVE-2017-9229 5.0
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9228 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variab
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9227 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in for
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9226 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger th
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-9224 7.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of vali
24-05-2017 - 11:29 24-05-2017 - 11:29
CVE-2017-2801 7.5
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered
24-05-2017 - 10:29 24-05-2017 - 10:29
CVE-2016-5735 6.8
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2017-6891 6.8
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Co
22-05-2017 - 15:29 22-05-2017 - 15:29
CVE-2017-9144 4.3
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9143 4.3
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9142 4.3
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9141 4.3
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
22-05-2017 - 10:29 22-05-2017 - 10:29
CVE-2017-9098 5.0
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a lon
19-05-2017 - 15:29 19-05-2017 - 15:29
CVE-2017-7479 4.0
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
15-05-2017 - 14:29 15-05-2017 - 14:29
CVE-2017-8911 7.5
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
12-05-2017 - 03:29 12-05-2017 - 03:29
CVE-2017-8357 4.3
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8356 4.3
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8355 4.3
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8354 4.3
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8353 4.3
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8352 4.3
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8351 4.3
In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8350 4.3
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8349 4.3
In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8348 4.3
In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
11-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-5461 7.5
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i
11-05-2017 - 21:29 10-05-2017 - 21:29
CVE-2017-8342 4.3
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.
11-05-2017 - 12:40 30-04-2017 - 11:59
CVE-2017-8798 7.5
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
10-05-2017 - 21:29 10-05-2017 - 21:29
CVE-2017-8347 4.3
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
10-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8346 4.3
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
10-05-2017 - 21:29 30-04-2017 - 13:59
CVE-2017-8114 6.5
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers
10-05-2017 - 15:29 29-04-2017 - 15:59
CVE-2017-8364 6.8
The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
10-05-2017 - 15:17 30-04-2017 - 15:59
CVE-2017-8296 5.0
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is us
10-05-2017 - 13:52 27-04-2017 - 11:59
CVE-2016-10371 4.3
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.
10-05-2017 - 01:29 10-05-2017 - 01:29
CVE-2017-7957 5.0
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>
09-05-2017 - 20:23 29-04-2017 - 15:59
CVE-2017-8287 7.5
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
09-05-2017 - 08:44 26-04-2017 - 20:59
CVE-2014-8354 4.3
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
09-05-2017 - 08:40 11-04-2017 - 15:59
CVE-2017-7606 4.3
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified ot
09-05-2017 - 08:36 09-04-2017 - 10:59
CVE-2017-7941 4.3
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
09-05-2017 - 08:36 18-04-2017 - 15:59
CVE-2017-7943 4.3
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
09-05-2017 - 08:36 18-04-2017 - 15:59
CVE-2016-9444 5.0
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
08-05-2017 - 21:29 12-01-2017 - 01:59
CVE-2016-9131 5.0
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.
08-05-2017 - 21:29 12-01-2017 - 01:59
CVE-2016-8864 5.0
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive
08-05-2017 - 21:29 02-11-2016 - 13:59
CVE-2016-7543 7.2
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
08-05-2017 - 21:29 19-01-2017 - 15:59
CVE-2017-8345 4.3
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
08-05-2017 - 15:32 30-04-2017 - 13:59
CVE-2017-8344 4.3
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
08-05-2017 - 15:32 30-04-2017 - 13:59
CVE-2017-8343 4.3
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
08-05-2017 - 15:31 30-04-2017 - 13:59
CVE-2016-10369 4.6
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
08-05-2017 - 14:29 08-05-2017 - 14:29
CVE-2017-8830 4.3
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
08-05-2017 - 02:29 08-05-2017 - 02:29
CVE-2017-5938 4.3
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
07-05-2017 - 21:29 15-03-2017 - 10:59
CVE-2017-5661 7.9
In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable applic
05-05-2017 - 21:29 18-04-2017 - 10:59
CVE-2017-8365 4.3
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
05-05-2017 - 13:38 30-04-2017 - 15:59
CVE-2017-8363 4.3
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
05-05-2017 - 13:38 30-04-2017 - 15:59
CVE-2017-8362 4.3
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
05-05-2017 - 13:19 30-04-2017 - 15:59
CVE-2017-8361 6.8
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
05-05-2017 - 13:19 30-04-2017 - 15:59
CVE-2017-1274 6.5
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
05-05-2017 - 08:52 25-04-2017 - 14:59
CVE-2017-3523 6.0
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multip
04-05-2017 - 10:23 24-04-2017 - 15:59
CVE-2017-8765 7.1
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
04-05-2017 - 00:59 04-05-2017 - 00:59
CVE-2017-3586 5.5
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multip
02-05-2017 - 15:14 24-04-2017 - 15:59
CVE-2017-3589 2.1
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructu
02-05-2017 - 12:39 24-04-2017 - 15:59
CVE-2016-10243 7.5
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
02-05-2017 - 10:59 02-05-2017 - 10:59
CVE-2017-7692 9.0
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell comma
01-05-2017 - 21:59 20-04-2017 - 10:59
CVE-2016-4313 6.8
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
01-05-2017 - 21:59 24-04-2017 - 14:59
CVE-2017-8401 4.3
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.
01-05-2017 - 15:59 01-05-2017 - 15:59
CVE-2017-8400 6.8
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might caus
01-05-2017 - 15:59 01-05-2017 - 15:59
CVE-2017-8073 5.0
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.
28-04-2017 - 14:17 23-04-2017 - 11:59
CVE-2017-5029 6.8
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which a
28-04-2017 - 14:16 24-04-2017 - 19:59
CVE-2017-8105 7.5
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
28-04-2017 - 13:50 24-04-2017 - 14:59
CVE-2016-5399 6.8
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
27-04-2017 - 15:54 21-04-2017 - 16:59
CVE-2017-7875 7.5
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double
25-04-2017 - 12:12 14-04-2017 - 14:59
CVE-2017-5662 7.9
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable ap
25-04-2017 - 11:06 18-04-2017 - 10:59
CVE-2017-7867 5.0
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
25-04-2017 - 11:05 14-04-2017 - 00:59
CVE-2017-7868 5.0
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
25-04-2017 - 11:05 14-04-2017 - 00:59
CVE-2017-7975 6.8
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (applicat
24-04-2017 - 20:44 19-04-2017 - 12:59
CVE-2017-7976 5.8
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure
24-04-2017 - 20:43 19-04-2017 - 13:59
CVE-2017-7885 5.8
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symb
24-04-2017 - 20:42 16-04-2017 - 20:59
CVE-2017-7870 7.5
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
20-04-2017 - 14:11 14-04-2017 - 00:59
CVE-2016-10328 7.5
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
20-04-2017 - 12:18 14-04-2017 - 00:59
CVE-2015-8271 7.5
The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.
20-04-2017 - 09:26 13-04-2017 - 10:59
CVE-2015-8270 5.0
The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash).
20-04-2017 - 09:19 13-04-2017 - 10:59
CVE-2016-9958 6.8
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
20-04-2017 - 08:47 12-04-2017 - 16:59
CVE-2016-9957 6.8
Stack-based buffer overflow in game-music-emu before 0.6.1.
20-04-2017 - 08:45 12-04-2017 - 16:59
CVE-2016-9959 6.8
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
20-04-2017 - 08:26 12-04-2017 - 16:59
CVE-2015-8272 4.3
RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash).
19-04-2017 - 15:36 13-04-2017 - 10:59
CVE-2014-8355 4.3
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 14:18 11-04-2017 - 15:59
CVE-2014-8716 2.1
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
17-04-2017 - 09:00 11-04-2017 - 15:59
CVE-2014-8562 4.3
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 08:52 11-04-2017 - 15:59
CVE-2017-7619 5.0
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and
14-04-2017 - 21:09 10-04-2017 - 10:59
CVE-2016-10251 6.8
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
13-04-2017 - 21:59 15-03-2017 - 10:59
CVE-2013-6629 5.0
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of s
12-04-2017 - 21:59 18-11-2013 - 23:50
CVE-2016-8735 7.5
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because
12-04-2017 - 16:42 06-04-2017 - 17:59
CVE-2017-7578 6.8
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an
12-04-2017 - 10:45 07-04-2017 - 00:59
CVE-2017-0360 3.5
file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-201
11-04-2017 - 15:02 04-04-2017 - 13:59
CVE-2017-7380 4.3
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
10-04-2017 - 18:31 03-04-2017 - 01:59
CVE-2016-10220 4.3
The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF T
10-04-2017 - 18:28 03-04-2017 - 01:59
CVE-2017-7383 4.3
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
10-04-2017 - 18:27 03-04-2017 - 01:59
CVE-2017-7382 4.3
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
10-04-2017 - 17:40 03-04-2017 - 01:59
CVE-2017-6448 6.8
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
10-04-2017 - 17:37 03-04-2017 - 01:59
CVE-2017-5951 4.3
The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
10-04-2017 - 10:47 03-04-2017 - 01:59
CVE-2016-10219 4.3
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
10-04-2017 - 10:27 03-04-2017 - 01:59
CVE-2017-7272 5.8
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that
09-04-2017 - 21:59 27-03-2017 - 13:59
CVE-2016-10244 6.8
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other i
07-04-2017 - 21:59 06-03-2017 - 01:59
CVE-2017-6964 7.2
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged use
07-04-2017 - 15:30 27-03-2017 - 21:59
CVE-2017-7378 4.3
The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
06-04-2017 - 09:35 03-04-2017 - 01:59
CVE-2017-7379 4.3
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
06-04-2017 - 09:35 03-04-2017 - 01:59
CVE-2017-7381 4.3
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
06-04-2017 - 09:34 03-04-2017 - 01:59
CVE-2017-6949 6.8
An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unex
04-04-2017 - 21:59 16-03-2017 - 13:59
CVE-2016-9922 2.1
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors invol
31-03-2017 - 12:38 27-03-2017 - 11:59
CVE-2017-3857 7.8
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload
30-03-2017 - 10:43 22-03-2017 - 15:59
CVE-2016-9264 4.3
Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
27-03-2017 - 12:41 23-03-2017 - 14:59
CVE-2016-9265 4.3
The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
27-03-2017 - 11:58 23-03-2017 - 14:59
CVE-2016-9266 4.3
listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.
27-03-2017 - 11:53 23-03-2017 - 14:59
CVE-2016-8887 4.3
The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).
27-03-2017 - 11:43 23-03-2017 - 14:59
CVE-2017-5852 4.3
The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.
24-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2016-6816 6.8
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also
24-03-2017 - 11:12 20-03-2017 - 14:59
CVE-2016-7800 5.0
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
23-03-2017 - 21:59 06-02-2017 - 12:59
CVE-2015-7799 4.9
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted P
23-03-2017 - 21:59 19-10-2015 - 06:59
CVE-2017-5617 5.8
The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
23-03-2017 - 14:30 16-03-2017 - 11:59
CVE-2014-9841 7.5
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
22-03-2017 - 15:01 20-03-2017 - 12:59
CVE-2015-8981 7.5
Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.
21-03-2017 - 15:05 16-03-2017 - 11:59
CVE-2017-6967 7.5
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so b
21-03-2017 - 14:48 17-03-2017 - 05:59
CVE-2016-10195 7.5
The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.
21-03-2017 - 10:29 15-03-2017 - 11:59
CVE-2017-6960 5.0
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable.
20-03-2017 - 13:00 17-03-2017 - 05:59
CVE-2016-10197 5.0
The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.
17-03-2017 - 09:17 15-03-2017 - 11:59
CVE-2016-10196 5.0
Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string ar
17-03-2017 - 09:17 15-03-2017 - 11:59
CVE-2017-6848 4.3
The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
16-03-2017 - 15:11 15-03-2017 - 10:59
CVE-2017-6840 4.3
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.
16-03-2017 - 15:10 15-03-2017 - 10:59
CVE-2017-6847 4.3
The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
16-03-2017 - 15:10 15-03-2017 - 10:59
CVE-2017-6842 4.3
The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
16-03-2017 - 15:04 15-03-2017 - 10:59
CVE-2017-6844 6.8
Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
16-03-2017 - 14:47 15-03-2017 - 10:59
CVE-2017-6843 6.8
Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
16-03-2017 - 14:34 15-03-2017 - 10:59
CVE-2017-5522 7.5
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature request
16-03-2017 - 14:27 15-03-2017 - 12:59
CVE-2017-5668 7.5
bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulner
15-03-2017 - 21:59 14-03-2017 - 10:59
CVE-2016-10189 5.0
BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list.
15-03-2017 - 21:59 14-03-2017 - 10:59
CVE-2016-10188 7.5
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
15-03-2017 - 21:59 14-03-2017 - 10:59
CVE-2017-6820 4.3
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
14-03-2017 - 21:59 12-03-2017 - 00:59
CVE-2017-6011 4.3
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
13-03-2017 - 21:59 16-02-2017 - 06:59
CVE-2017-6010 4.3
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
13-03-2017 - 21:59 16-02-2017 - 06:59
CVE-2017-6009 4.3
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a ne
13-03-2017 - 21:59 16-02-2017 - 06:59
CVE-2016-8714 6.8
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malic
13-03-2017 - 21:59 10-03-2017 - 05:59
CVE-2017-6596 4.3
partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user runnin
13-03-2017 - 12:39 10-03-2017 - 05:59
CVE-2017-5929 7.5
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
13-03-2017 - 12:16 13-03-2017 - 02:59
CVE-2016-6129 5.0
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatur
13-03-2017 - 11:24 13-02-2017 - 13:59
CVE-2017-6801 5.0
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
13-03-2017 - 10:37 10-03-2017 - 05:59
CVE-2017-6802 5.0
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
13-03-2017 - 10:37 10-03-2017 - 05:59
CVE-2016-8863 7.5
Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed
08-03-2017 - 21:59 07-03-2017 - 11:59
CVE-2017-6500 4.3
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
07-03-2017 - 21:59 05-03-2017 - 21:59
CVE-2017-6498 4.3
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
07-03-2017 - 21:59 05-03-2017 - 21:59
CVE-2016-10062 4.3
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
07-03-2017 - 09:26 02-03-2017 - 16:59
CVE-2016-8859 7.5
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
07-03-2017 - 09:20 13-02-2017 - 13:59
CVE-2017-5981 4.3
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5980 4.3
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5979 4.3
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5978 4.3
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5976 4.3
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5975 4.3
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5974 4.3
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5835 5.0
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
06-03-2017 - 21:59 03-03-2017 - 10:59
CVE-2017-5834 4.3
The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
06-03-2017 - 21:59 03-03-2017 - 10:59
CVE-2016-7972 5.0
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
04-03-2017 - 18:31 03-03-2017 - 11:59
CVE-2016-7969 5.0
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
04-03-2017 - 18:11 03-03-2017 - 11:59
CVE-2016-7408 6.5
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
04-03-2017 - 18:10 03-03-2017 - 11:59
CVE-2016-7409 2.1
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
04-03-2017 - 18:02 03-03-2017 - 11:59
CVE-2016-7406 10.0
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
04-03-2017 - 18:00 03-03-2017 - 11:59
CVE-2016-7407 10.0
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
04-03-2017 - 17:55 03-03-2017 - 11:59
CVE-2017-5886 6.8
Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
03-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5854 4.3
base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
02-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5853 6.8
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
02-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2016-1245 7.5
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BU
02-03-2017 - 10:54 22-02-2017 - 18:59
CVE-2017-5885 7.5
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColo
02-03-2017 - 10:35 28-02-2017 - 13:59
CVE-2017-5884 6.8
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
02-03-2017 - 10:25 28-02-2017 - 13:59
CVE-2017-6350 7.5
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
01-03-2017 - 21:59 27-02-2017 - 02:59
CVE-2017-6349 7.5
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
01-03-2017 - 21:59 27-02-2017 - 02:59
CVE-2017-6310 6.8
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6309 6.8
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6308 6.8
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6307 6.8
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6305 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6304 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6303 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6302 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6301 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6300 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6299 4.3
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-6298 6.8
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
01-03-2017 - 21:59 23-02-2017 - 23:59
CVE-2017-5953 7.5
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
28-02-2017 - 21:59 10-02-2017 - 02:59
CVE-2015-8903 4.3
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
28-02-2017 - 13:52 27-02-2017 - 17:59
CVE-2015-8901 4.3
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
28-02-2017 - 13:50 27-02-2017 - 17:59
CVE-2015-8902 4.3
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
28-02-2017 - 13:50 27-02-2017 - 17:59
CVE-2015-8900 4.3
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
28-02-2017 - 13:11 27-02-2017 - 17:59
CVE-2016-10002 5.0
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack req
27-02-2017 - 21:36 27-01-2017 - 12:59
CVE-2016-10109 5.0
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
27-02-2017 - 09:41 23-02-2017 - 15:59
CVE-2016-6621 5.0
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
24-02-2017 - 14:28 31-01-2017 - 14:59
CVE-2016-2177 7.5
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-9560 6.8
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
23-02-2017 - 11:06 15-02-2017 - 14:59
CVE-2016-8693 6.8
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
22-02-2017 - 14:20 15-02-2017 - 14:59
CVE-2016-8692 4.3
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
22-02-2017 - 14:19 15-02-2017 - 14:59
CVE-2016-8691 4.3
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
22-02-2017 - 14:18 15-02-2017 - 14:59
CVE-2016-5042 5.0
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.
22-02-2017 - 12:48 17-02-2017 - 12:59
CVE-2016-5039 5.0
The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on.
22-02-2017 - 12:47 17-02-2017 - 12:59
CVE-2016-5038 5.0
The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str.
22-02-2017 - 12:46 17-02-2017 - 12:59
CVE-2016-5036 5.0
The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data.
22-02-2017 - 12:42 17-02-2017 - 12:59
CVE-2016-5034 4.3
dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records.
22-02-2017 - 12:41 17-02-2017 - 12:59
CVE-2016-10164 7.5
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensi
22-02-2017 - 11:19 01-02-2017 - 10:59
CVE-2016-9831 6.8
Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-9829 6.8
Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-9828 4.3
The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-9827 4.3
The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.
17-02-2017 - 21:59 16-02-2017 - 21:59
CVE-2016-6866 5.0
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
17-02-2017 - 12:43 15-02-2017 - 14:59
CVE-2016-7392 4.3
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file.
17-02-2017 - 12:09 15-02-2017 - 16:59
CVE-2016-8688 4.3
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2)
17-02-2017 - 11:59 15-02-2017 - 14:59
CVE-2016-8687 5.0
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
17-02-2017 - 11:58 15-02-2017 - 14:59
CVE-2016-7393 4.3
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
17-02-2017 - 09:33 15-02-2017 - 16:59
CVE-2016-8689 5.0
The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.
17-02-2017 - 08:54 15-02-2017 - 14:59
CVE-2016-4538 7.5
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows rem
16-02-2017 - 21:59 21-05-2016 - 21:59
CVE-2015-8750 4.3
libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file.
16-02-2017 - 08:31 13-02-2017 - 13:59
CVE-2017-5837 4.3
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
13-02-2017 - 17:36 09-02-2017 - 10:59
CVE-2017-5843 5.0
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors
13-02-2017 - 17:35 09-02-2017 - 10:59
CVE-2017-5844 4.3
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
13-02-2017 - 17:33 09-02-2017 - 10:59
CVE-2017-5840 5.0
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
13-02-2017 - 17:32 09-02-2017 - 10:59
CVE-2017-5847 5.0
The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors.
13-02-2017 - 17:31 09-02-2017 - 10:59
CVE-2017-5848 5.0
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
13-02-2017 - 17:29 09-02-2017 - 10:59
CVE-2017-5846 4.3
The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of
13-02-2017 - 17:26 09-02-2017 - 10:59
CVE-2016-10198 4.3
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
13-02-2017 - 14:48 09-02-2017 - 10:59
CVE-2017-3289 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated at
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3272 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthent
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3261 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthen
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3260 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3253 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerabi
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3252 2.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulne
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3241 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulner
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2017-3231 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthen
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-5552 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable v
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-5548 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthent
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-5547 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerabi
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-5546 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vu
10-02-2017 - 21:59 27-01-2017 - 17:59
CVE-2016-7449 5.0
The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string.
09-02-2017 - 16:30 06-02-2017 - 12:59
CVE-2016-7447 7.5
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
09-02-2017 - 14:15 06-02-2017 - 12:59
CVE-2016-7446 7.5
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
09-02-2017 - 13:51 06-02-2017 - 12:59
CVE-2016-10165 5.8
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
09-02-2017 - 10:05 03-02-2017 - 14:59
CVE-2016-9532 4.3
Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file.
08-02-2017 - 13:43 06-02-2017 - 12:59
CVE-2016-9939 5.0
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then t
07-02-2017 - 16:42 30-01-2017 - 16:59
CVE-2016-9635 7.5
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 's
07-02-2017 - 15:41 27-01-2017 - 17:59
CVE-2016-9082 4.3
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
07-02-2017 - 15:40 03-02-2017 - 10:59
CVE-2016-9634 7.5
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_lin
07-02-2017 - 13:25 27-01-2017 - 17:59
CVE-2016-9636 7.5
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'w
07-02-2017 - 13:24 27-01-2017 - 17:59
CVE-2017-5601 5.0
An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.
07-02-2017 - 11:59 27-01-2017 - 17:59
CVE-2016-5824 4.3
libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
05-02-2017 - 15:40 27-01-2017 - 17:59
CVE-2016-2050 4.3
The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.
05-02-2017 - 15:34 31-01-2017 - 14:59
CVE-2016-2939 4.3
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
05-02-2017 - 15:33 01-02-2017 - 15:59
CVE-2016-6113 4.3
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
05-02-2017 - 15:33 01-02-2017 - 15:59
CVE-2016-5880 3.5
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
05-02-2017 - 15:32 01-02-2017 - 15:59
CVE-2016-5882 4.3
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
05-02-2017 - 15:31 01-02-2017 - 15:59
CVE-2016-5881 4.3
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
05-02-2017 - 15:30 01-02-2017 - 17:59
CVE-2016-2938 4.3
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
05-02-2017 - 15:30 01-02-2017 - 15:59
CVE-2016-2399 6.8
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.
05-02-2017 - 15:23 30-01-2017 - 17:59
CVE-2016-5884 4.3
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
03-02-2017 - 12:09 01-02-2017 - 15:59
CVE-2016-9119 4.3
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-02-2017 - 10:59 30-01-2017 - 17:59
CVE-2016-7939 7.5
The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
01-02-2017 - 18:00 27-01-2017 - 20:59
CVE-2017-5205 7.5
The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
01-02-2017 - 18:00 27-01-2017 - 20:59
CVE-2016-7937 7.5
The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
01-02-2017 - 17:59 27-01-2017 - 20:59
CVE-2017-5482 7.5
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.
01-02-2017 - 17:59 27-01-2017 - 20:59
CVE-2016-8574 7.5
The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
01-02-2017 - 17:59 27-01-2017 - 20:59
CVE-2016-7983 7.5
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
01-02-2017 - 17:58 27-01-2017 - 20:59
CVE-2016-7931 7.5
The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
01-02-2017 - 17:58 27-01-2017 - 20:59
CVE-2016-7938 7.5
The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
01-02-2017 - 17:58 27-01-2017 - 20:59
CVE-2016-7926 7.5
The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
01-02-2017 - 17:56 27-01-2017 - 20:59
CVE-2016-7984 7.5
The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
01-02-2017 - 17:56 27-01-2017 - 20:59
CVE-2016-7923 7.5
The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
01-02-2017 - 17:56 27-01-2017 - 20:59
CVE-2017-5486 7.5
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
01-02-2017 - 17:55 27-01-2017 - 20:59
CVE-2016-7929 7.5
The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
01-02-2017 - 17:55 27-01-2017 - 20:59
CVE-2017-5483 7.5
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
01-02-2017 - 17:55 27-01-2017 - 20:59
CVE-2016-7930 7.5
The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
01-02-2017 - 17:54 27-01-2017 - 20:59
CVE-2016-7973 7.5
The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
01-02-2017 - 17:53 27-01-2017 - 20:59
CVE-2016-7922 7.5
The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
01-02-2017 - 17:53 27-01-2017 - 20:59
CVE-2016-7932 7.5
The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
01-02-2017 - 17:53 27-01-2017 - 20:59
CVE-2016-7992 7.5
The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
01-02-2017 - 17:52 27-01-2017 - 20:59
CVE-2016-7974 7.5
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
01-02-2017 - 17:52 27-01-2017 - 20:59
CVE-2017-5341 7.5
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
01-02-2017 - 17:52 27-01-2017 - 20:59
CVE-2016-7975 7.5
The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
01-02-2017 - 17:52 27-01-2017 - 20:59
CVE-2017-5203 7.5
The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
01-02-2017 - 17:51 27-01-2017 - 20:59
CVE-2016-7940 7.5
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
01-02-2017 - 17:51 27-01-2017 - 20:59
CVE-2016-7985 7.5
The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
01-02-2017 - 17:50 27-01-2017 - 20:59
CVE-2016-7936 7.5
The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
01-02-2017 - 17:50 27-01-2017 - 20:59
CVE-2016-7933 7.5
The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
01-02-2017 - 17:50 27-01-2017 - 20:59
CVE-2017-5204 7.5
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
01-02-2017 - 17:49 27-01-2017 - 20:59
CVE-2016-7928 7.5
The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
01-02-2017 - 17:49 27-01-2017 - 20:59
CVE-2016-7934 7.5
The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
01-02-2017 - 17:49 27-01-2017 - 20:59
CVE-2016-7924 7.5
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
01-02-2017 - 17:49 27-01-2017 - 20:59
CVE-2017-5484 7.5
The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
01-02-2017 - 17:49 27-01-2017 - 20:59
CVE-2016-8575 7.5
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.
01-02-2017 - 17:48 27-01-2017 - 20:59
CVE-2017-5342 7.5
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
01-02-2017 - 17:48 27-01-2017 - 20:59
CVE-2016-7993 7.5
A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
01-02-2017 - 17:48 27-01-2017 - 20:59
CVE-2016-7925 7.5
The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
01-02-2017 - 17:47 27-01-2017 - 20:59
CVE-2017-5485 7.5
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
01-02-2017 - 17:46 27-01-2017 - 20:59
CVE-2017-5202 7.5
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
01-02-2017 - 17:46 27-01-2017 - 20:59
CVE-2016-7935 7.5
The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
01-02-2017 - 17:46 27-01-2017 - 20:59
CVE-2016-7927 7.5
The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
01-02-2017 - 17:45 27-01-2017 - 20:59
CVE-2016-7986 7.5
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
01-02-2017 - 17:44 27-01-2017 - 20:59
CVE-2016-8883 4.3
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
31-01-2017 - 21:59 13-01-2017 - 11:59
CVE-2016-8882 4.3
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
31-01-2017 - 21:59 13-01-2017 - 11:59
CVE-2016-7146 4.3
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) co
31-01-2017 - 21:59 10-11-2016 - 12:59
CVE-2016-6911 4.3
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
31-01-2017 - 21:59 26-01-2017 - 10:59
CVE-2016-4793 5.0
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
31-01-2017 - 21:59 23-01-2017 - 16:59
CVE-2016-7478 5.0
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
27-01-2017 - 14:41 11-01-2017 - 01:59
CVE-2016-9809 6.8
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
27-01-2017 - 12:12 13-01-2017 - 11:59
CVE-2016-9273 4.3
tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.
27-01-2017 - 10:14 18-01-2017 - 12:59
CVE-2016-9445 5.0
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
26-01-2017 - 09:59 23-01-2017 - 16:59
CVE-2016-9446 5.0
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
26-01-2017 - 09:32 23-01-2017 - 16:59
CVE-2016-9447 6.8
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
26-01-2017 - 09:32 23-01-2017 - 16:59
CVE-2016-7999 4.3
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
23-01-2017 - 18:55 18-01-2017 - 12:59
CVE-2016-7998 6.5
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
23-01-2017 - 18:52 18-01-2017 - 12:59
CVE-2016-7982 5.0
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
23-01-2017 - 18:49 18-01-2017 - 12:59
CVE-2016-7981 4.3
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
23-01-2017 - 18:48 18-01-2017 - 12:59
CVE-2016-9297 5.0
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values.
23-01-2017 - 14:57 18-01-2017 - 12:59
CVE-2016-5318 4.3
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
20-01-2017 - 14:23 20-01-2017 - 10:59
CVE-2016-9584 6.4
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file.
20-01-2017 - 12:26 18-01-2017 - 12:59
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
20-01-2017 - 12:23 19-01-2017 - 17:59
CVE-2016-7980 6.8
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted
19-01-2017 - 21:59 18-01-2017 - 12:59
CVE-2017-5223 2.1
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using
18-01-2017 - 13:20 16-01-2017 - 01:59
CVE-2016-8606 7.5
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
18-01-2017 - 11:27 12-01-2017 - 17:59
CVE-2016-8605 5.0
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mod
18-01-2017 - 10:59 12-01-2017 - 17:59
CVE-2016-9811 4.3
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
18-01-2017 - 09:39 13-01-2017 - 11:59
CVE-2016-9933 5.0
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation vi
17-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-9147 5.0
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
17-01-2017 - 21:59 12-01-2017 - 01:59
CVE-2016-8706 6.8
An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8705 7.5
Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-8704 7.5
An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
17-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-5384 4.6
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
17-01-2017 - 21:59 12-08-2016 - 21:59
CVE-2016-5284 4.3
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5281 7.5
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code a
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5280 7.5
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirec
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5278 6.8
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5277 7.5
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5276 7.5
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denia
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5272 6.8
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execut
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5270 7.5
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5261 7.5
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets th
17-01-2017 - 21:59 04-08-2016 - 21:59
CVE-2016-5257 7.5
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e
17-01-2017 - 21:59 22-09-2016 - 18:59
CVE-2016-5250 5.0
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
17-01-2017 - 21:59 04-08-2016 - 21:59
CVE-2016-1248 6.8
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
17-01-2017 - 21:59 23-11-2016 - 10:59
CVE-2016-7479 7.5
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
13-01-2017 - 11:01 11-01-2017 - 19:59
CVE-2016-9375 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
10-01-2017 - 23:13 17-11-2016 - 00:59
CVE-2016-9376 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length valu
10-01-2017 - 23:13 17-11-2016 - 00:59
CVE-2016-9374 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable prope
10-01-2017 - 22:00 17-11-2016 - 00:59
CVE-2016-9373 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss
10-01-2017 - 21:59 17-11-2016 - 00:59
CVE-2016-6831 5.0
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all re
10-01-2017 - 21:55 10-01-2017 - 10:59
CVE-2016-6830 7.5
The "process-execute" and "process-spawn" procedures in CHICKEN Scheme used fixed-size buffers for holding the arguments and environment variables to use in its execve() call. This would allow user-supplied argument/environment variable lists to trig
10-01-2017 - 21:54 10-01-2017 - 10:59
CVE-2016-9427 7.5
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
06-01-2017 - 22:00 11-12-2016 - 21:59
CVE-2016-8670 7.5
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer ov
06-01-2017 - 22:00 04-01-2017 - 15:59
CVE-2016-6321 5.0
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the
06-01-2017 - 22:00 09-12-2016 - 17:59
CVE-2016-5180 7.5
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
06-01-2017 - 22:00 03-10-2016 - 11:59
CVE-2014-9911 7.5
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other i
06-01-2017 - 22:00 04-01-2017 - 15:59
CVE-2014-8727 6.2
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/j
06-01-2017 - 22:00 17-11-2014 - 11:59
CVE-2014-7169 10.0
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted enviro
06-01-2017 - 22:00 24-09-2014 - 21:55
CVE-2014-2427 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
06-01-2017 - 21:59 15-04-2014 - 22:55
CVE-2014-0963 7.1
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop)
06-01-2017 - 21:59 08-05-2014 - 06:55
CVE-2014-0461 9.3
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0460 5.8
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0459 4.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0458 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and C
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0457 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0455 9.3
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 a
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0454 7.5
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0453 4.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0452 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and C
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0451 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412.
06-01-2017 - 21:59 15-04-2014 - 21:55
CVE-2014-0449 5.0
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0448 7.6
Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0446 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0429 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
06-01-2017 - 21:59 15-04-2014 - 20:55
CVE-2014-0423 5.5
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0416 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0411 4.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous inf
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2014-0368 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU.
06-01-2017 - 21:59 15-01-2014 - 11:08
CVE-2016-10074 7.5
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mai
03-01-2017 - 13:56 30-12-2016 - 14:59
CVE-2015-0854 9.3
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
03-01-2017 - 13:50 29-12-2016 - 13:59
CVE-2015-3294 6.4
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malforme
02-01-2017 - 22:00 08-05-2015 - 10:59
CVE-2013-2473 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
30-12-2016 - 21:59 18-06-2013 - 18:55
CVE-2013-2472 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
30-12-2016 - 21:59 18-06-2013 - 18:55
CVE-2013-2471 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
30-12-2016 - 21:59 18-06-2013 - 18:55
CVE-2016-9921 2.1
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw
27-12-2016 - 14:01 23-12-2016 - 17:59
CVE-2016-9911 2.1
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in
27-12-2016 - 14:00 23-12-2016 - 17:59
CVE-2016-7966 7.5
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which gre
27-12-2016 - 13:42 23-12-2016 - 17:59
CVE-2016-6623 4.0
An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to
23-12-2016 - 21:59 10-12-2016 - 21:59
CVE-2016-6622 4.3
An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.4
23-12-2016 - 21:59 10-12-2016 - 21:59
CVE-2016-6620 7.5
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation a
23-12-2016 - 21:59 10-12-2016 - 21:59
CVE-2015-4736 9.3
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
23-12-2016 - 21:59 16-07-2015 - 07:00
CVE-2016-9565 7.5
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an
16-12-2016 - 14:11 15-12-2016 - 17:59
CVE-2016-9566 7.2
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
16-12-2016 - 14:10 15-12-2016 - 17:59
CVE-2016-5407 7.5
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
16-12-2016 - 11:50 13-12-2016 - 15:59
CVE-2016-9888 4.3
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
14-12-2016 - 22:00 08-12-2016 - 03:59
CVE-2016-7951 7.5
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
14-12-2016 - 21:54 13-12-2016 - 15:59
CVE-2016-7950 7.5
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
14-12-2016 - 21:52 13-12-2016 - 15:59
CVE-2016-7953 7.5
Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string.
14-12-2016 - 21:51 13-12-2016 - 15:59
CVE-2016-7949 7.5
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
14-12-2016 - 21:49 13-12-2016 - 15:59
CVE-2016-7952 5.0
X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data.
14-12-2016 - 21:44 13-12-2016 - 15:59
CVE-2016-7944 7.5
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
14-12-2016 - 12:42 13-12-2016 - 15:59
CVE-2016-6609 6.5
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior
14-12-2016 - 11:53 10-12-2016 - 21:59
CVE-2016-6613 2.1
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versio
14-12-2016 - 11:51 10-12-2016 - 21:59
CVE-2016-6614 4.3
An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to tra
14-12-2016 - 11:48 10-12-2016 - 21:59
CVE-2016-6624 4.3
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not
14-12-2016 - 11:14 10-12-2016 - 21:59
CVE-2016-6630 4.0
An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0
14-12-2016 - 11:03 10-12-2016 - 21:59
CVE-2016-6631 8.5
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a co
14-12-2016 - 11:01 10-12-2016 - 21:59
CVE-2016-6612 4.0
An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to
13-12-2016 - 12:28 10-12-2016 - 21:59
CVE-2016-6606 5.0
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and passwo
13-12-2016 - 12:27 10-12-2016 - 21:59
CVE-2016-6611 5.1
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x
12-12-2016 - 21:59 10-12-2016 - 21:59
CVE-2016-6607 4.3
XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an
12-12-2016 - 21:59 10-12-2016 - 21:59
CVE-2016-9535 7.5
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Pre
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9534 7.5
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9533 7.5
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2006-3952 7.5
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained fro
07-12-2016 - 22:00 01-08-2006 - 17:04
CVE-2016-9152 4.3
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
07-12-2016 - 14:35 05-12-2016 - 13:59
CVE-2015-8543 6.9
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer
07-12-2016 - 13:28 28-12-2015 - 06:59
CVE-2015-8374 2.1
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
07-12-2016 - 13:27 28-12-2015 - 06:59
CVE-2015-8104 4.7
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
07-12-2016 - 13:26 16-11-2015 - 06:59
CVE-2015-7833 4.9
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in
07-12-2016 - 13:25 19-10-2015 - 06:59
CVE-2015-7554 7.5
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
07-12-2016 - 13:24 08-01-2016 - 14:59
CVE-2013-7446 5.4
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
06-12-2016 - 22:00 28-12-2015 - 06:59
CVE-2003-0001 5.0
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
06-12-2016 - 21:59 17-01-2003 - 00:00
CVE-2016-1567 6.8
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
05-12-2016 - 22:07 26-01-2016 - 14:59
CVE-2016-0752 5.0
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unre
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0751 5.0
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2015-8783 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8782 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8781 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-7576 4.3
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2016-2098 7.5
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
02-12-2016 - 22:24 07-04-2016 - 19:59
CVE-2016-2097 5.0
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot
02-12-2016 - 22:24 07-04-2016 - 19:59
CVE-2015-8784 4.3
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
02-12-2016 - 22:14 13-04-2016 - 13:59
CVE-2014-2972 4.6
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
02-12-2016 - 22:01 04-09-2014 - 13:55
CVE-2016-0282 3.5
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS.
29-11-2016 - 22:02 24-11-2016 - 14:59
CVE-2016-7415 7.5
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impac
28-11-2016 - 15:39 17-09-2016 - 17:59
CVE-2016-7115 7.5
Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet.
28-11-2016 - 15:37 30-08-2016 - 13:59
CVE-2016-6511 4.3
epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (OpenFlow dissector large loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6510 4.3
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packe
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6509 4.3
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6508 4.3
epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6507 4.3
epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark 1.12.x before 1.12.13 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6506 4.3
epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6505 4.3
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6504 4.3
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) v
28-11-2016 - 15:33 06-08-2016 - 19:59
CVE-2016-6316 4.3
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as
28-11-2016 - 15:31 07-09-2016 - 15:28
CVE-2016-6296 7.5
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
28-11-2016 - 15:31 25-07-2016 - 10:59
CVE-2016-5773 7.5
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5772 7.5
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5771 7.5
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5770 7.5
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5769 7.5
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have uns
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-5768 7.5
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
28-11-2016 - 15:29 07-08-2016 - 06:59
CVE-2016-4049 5.0
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
28-11-2016 - 15:14 23-05-2016 - 15:59
CVE-2016-4036 2.1
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
28-11-2016 - 15:14 18-04-2016 - 10:59
CVE-2016-3658 5.0
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable.
28-11-2016 - 15:12 03-10-2016 - 12:09
CVE-2016-3092 7.8
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
28-11-2016 - 15:06 04-07-2016 - 18:59
CVE-2016-2848 5.0
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.
28-11-2016 - 15:05 21-10-2016 - 06:59
CVE-2016-2836 6.8
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
28-11-2016 - 15:05 04-08-2016 - 21:59
CVE-2016-1513 6.8
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
28-11-2016 - 14:59 05-08-2016 - 10:59
CVE-2016-1246 5.0
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
28-11-2016 - 14:58 05-10-2016 - 12:59
CVE-2015-5479 4.3
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
28-11-2016 - 14:33 19-04-2016 - 10:59
CVE-2013-5832 9.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
28-11-2016 - 14:09 16-10-2013 - 13:55
CVE-2013-5824 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
28-11-2016 - 14:09 16-10-2013 - 13:55
CVE-2013-5789 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
28-11-2016 - 14:09 16-10-2013 - 11:55
CVE-2013-5787 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a
28-11-2016 - 14:09 16-10-2013 - 11:55
CVE-2013-4434 5.0
Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.
28-11-2016 - 14:09 25-10-2013 - 19:55
CVE-2013-4421 5.0
The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.
28-11-2016 - 14:09 25-10-2013 - 19:55
CVE-2013-5850 9.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-5842 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-5831 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-5829 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-5819 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-5818 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-20
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-5809 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto
21-11-2016 - 22:01 16-10-2013 - 13:55
CVE-2013-0408 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.
09-11-2016 - 16:26 17-04-2013 - 08:14
CVE-2014-0418 5.1
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
08-11-2016 - 13:51 15-01-2014 - 11:08
CVE-2013-5904 6.8
Unspecified vulnerability in Oracle Java SE 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
08-11-2016 - 13:40 15-01-2014 - 11:08
CVE-2013-2419 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
24-10-2016 - 21:59 17-04-2013 - 14:55
CVE-2013-2384 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
24-10-2016 - 21:59 17-04-2013 - 14:55
CVE-2013-2383 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
24-10-2016 - 21:59 17-04-2013 - 14:55
CVE-2013-1569 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
24-10-2016 - 21:59 17-04-2013 - 14:55
CVE-2005-2428 5.0
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password ha
17-10-2016 - 23:27 03-08-2005 - 00:00
CVE-2005-1478 7.5
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
17-10-2016 - 23:19 11-05-2005 - 00:00
CVE-2005-0022 4.6
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
17-10-2016 - 23:07 02-05-2005 - 00:00
CVE-2004-1621 4.3
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square
17-10-2016 - 22:57 18-10-2004 - 00:00
CVE-2004-1533 5.0
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
17-10-2016 - 22:55 31-12-2004 - 00:00
CVE-2003-0743 7.5
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL c
17-10-2016 - 22:37 20-10-2003 - 00:00
CVE-2003-0178 10.0
Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the P
17-10-2016 - 22:30 02-04-2003 - 00:00
CVE-2003-0123 5.0
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
17-10-2016 - 22:29 18-03-2003 - 00:00
CVE-2002-0664 7.5
The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts.
17-10-2016 - 22:21 04-10-2002 - 00:00
CVE-2000-0480 5.0
Dragon telnet server allows remote attackers to cause a denial of service via a long username.
17-10-2016 - 22:07 16-06-2000 - 00:00
CVE-2016-7424 4.3
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file.
11-10-2016 - 08:21 07-10-2016 - 10:59
CVE-2016-7167 7.5
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a h
11-10-2016 - 08:17 07-10-2016 - 10:59
CVE-2016-7141 5.0
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file
04-10-2016 - 13:27 03-10-2016 - 17:59
CVE-2016-7176 4.3
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via
30-09-2016 - 11:13 09-09-2016 - 06:59
CVE-2016-7177 4.3
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) vi
29-09-2016 - 10:36 09-09-2016 - 06:59
CVE-2016-7179 4.3
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
29-09-2016 - 10:35 09-09-2016 - 06:59
CVE-2016-7180 4.3
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) v
29-09-2016 - 10:35 09-09-2016 - 06:59
CVE-2016-7178 4.3
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and applica
29-09-2016 - 10:33 09-09-2016 - 06:59
CVE-2016-6297 6.8
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspeci
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6295 7.5
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and applicatio
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6294 7.5
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6292 4.3
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6291 7.5
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive in
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6290 7.5
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified o
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2016-6289 6.8
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecifie
26-09-2016 - 22:00 25-07-2016 - 10:59
CVE-2014-0428 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is f
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0424 7.5
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0422 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is fr
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0417 9.3
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0415 10.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0410 10.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0403 5.8
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0375.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0387 7.6
Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0376 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0375 5.8
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5898 and CVE-2014-0403.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2014-0373 7.5
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from t
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5910 5.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5907 10.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. N
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5902 5.1
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5899 5.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5898 4.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-0375 and CVE-2014-0403.
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5896 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5893 9.3
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is fro
26-09-2016 - 21:59 15-01-2014 - 11:08
CVE-2013-5889 9.3
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5888 4.6
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5887 5.0
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect availability via unknown vectors related to Deployment.
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5884 5.0
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Ora
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2013-5878 7.5
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is
26-09-2016 - 21:59 15-01-2014 - 11:11
CVE-2016-6525 7.5
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
22-09-2016 - 13:29 22-09-2016 - 11:59
CVE-2016-6855 5.0
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invali
08-09-2016 - 15:15 07-09-2016 - 14:59
CVE-2014-2423 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and C
06-09-2016 - 09:38 15-04-2014 - 22:55
CVE-2014-2420 2.6
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.
06-09-2016 - 09:26 15-04-2014 - 22:55
CVE-2014-2428 7.6
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
06-09-2016 - 09:18 15-04-2014 - 22:55
CVE-2016-5114 6.4
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (
23-08-2016 - 22:00 07-08-2016 - 06:59
CVE-2014-2421 10.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2414 7.5
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB.
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2412 7.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-04
22-08-2016 - 22:07 15-04-2014 - 22:55
CVE-2014-2409 6.4
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-2402 7.5
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 a
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-2401 5.0
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-2398 3.5
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
22-08-2016 - 22:07 15-04-2014 - 21:55
CVE-2014-1876 4.4
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot
22-08-2016 - 22:07 10-02-2014 - 18:55
CVE-2013-6954 5.0
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset
22-08-2016 - 22:06 12-01-2014 - 13:34
CVE-2016-6293 7.5
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to
04-08-2016 - 14:42 25-07-2016 - 10:59
CVE-2015-1872 6.8
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) o
02-08-2016 - 11:25 26-07-2015 - 18:59
CVE-2016-4021 7.8
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
15-06-2016 - 14:45 26-05-2016 - 10:59
CVE-2013-3009 9.3
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, whi
01-06-2016 - 22:24 23-07-2013 - 07:03
CVE-2013-5456 9.3
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileg
26-05-2016 - 21:59 24-11-2013 - 13:55
CVE-2013-2424 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via ve
04-04-2016 - 09:09 17-04-2013 - 14:55
CVE-2016-2091 5.0
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
04-03-2016 - 13:01 08-02-2016 - 14:59
CVE-2013-2461 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and
01-12-2015 - 13:50 18-06-2013 - 18:55
CVE-2015-0135 10.0
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.
02-09-2015 - 13:20 21-04-2015 - 12:59
CVE-2014-0913 4.3
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE.
06-08-2015 - 10:43 08-05-2014 - 21:55
CVE-2013-1493 10.0
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via
29-07-2015 - 12:15 05-03-2013 - 17:06
CVE-2013-0442 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
05-05-2015 - 21:59 01-02-2013 - 19:55
CVE-2014-0822 7.8
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z.
27-04-2015 - 12:58 06-02-2014 - 18:55
CVE-2013-4002 7.1
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Ja
06-04-2015 - 21:59 23-07-2013 - 07:03
CVE-2013-0440 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via v
02-03-2015 - 21:59 01-02-2013 - 19:55
CVE-2013-5851 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
04-10-2014 - 01:12 16-10-2013 - 14:55
CVE-2013-5849 4.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5840 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5830 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5825 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect avai
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5823 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5820 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5817 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors relat
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5814 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors relat
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5806 9.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5805 9.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5804 6.4
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unkno
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5803 2.6
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect avai
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5802 7.5
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5800 4.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5797 3.5
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect in
04-10-2014 - 01:12 16-10-2013 - 13:55
CVE-2013-5790 4.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5784 4.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5783 6.4
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to S
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5782 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5780 4.3
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect conf
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5778 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5774 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-5772 2.6
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
04-10-2014 - 01:12 16-10-2013 - 11:55
CVE-2013-3829 6.4
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia
04-10-2014 - 01:09 16-10-2013 - 11:55
CVE-2013-2470 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2469 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2465 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2463 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2460 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Servicea
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2459 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2458 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the p
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2457 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors relate
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2456 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2455 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2454 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrit
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2453 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2452 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2451 3.7
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vect
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2450 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2449 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. NOTE: the previous inform
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2448 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity,
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2447 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2446 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2445 7.8
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vec
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2444 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect av
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2443 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2436 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Librarie
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2431 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Ho
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2430 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affe
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2429 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2426 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Li
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2423 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2422 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via u
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2421 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Ho
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2420 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2417 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unkno
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2415 2.1
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is f
04-10-2014 - 01:06 17-04-2013 - 14:55
CVE-2013-2412 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceab
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-2407 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors rel
04-10-2014 - 01:06 18-06-2013 - 18:55
CVE-2013-1571 4.3
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vec
04-10-2014 - 01:04 18-06-2013 - 18:55
CVE-2013-1557 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
04-10-2014 - 01:04 17-04-2013 - 14:55
CVE-2013-1537 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
04-10-2014 - 01:04 17-04-2013 - 14:55
CVE-2013-1518 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integ
04-10-2014 - 01:04 17-04-2013 - 14:55
CVE-2013-1500 3.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via
04-10-2014 - 01:04 18-06-2013 - 18:55
CVE-2013-1488 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the
04-10-2014 - 01:04 08-03-2013 - 13:55
CVE-2013-1480 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:04 01-02-2013 - 19:55
CVE-2013-1478 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:04 01-02-2013 - 19:55
CVE-2013-1476 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:04 01-02-2013 - 19:55
CVE-2013-1475 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:04 01-02-2013 - 19:55
CVE-2013-0809 10.0
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unkn
04-10-2014 - 01:02 05-03-2013 - 17:06
CVE-2013-0450 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0444 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0443 4.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0441 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0435 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0434 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0433 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0432 6.4
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0431 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Iss
04-10-2014 - 01:01 31-01-2013 - 09:55
CVE-2013-0429 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0428 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0427 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors rela
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0426 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0425 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidential
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0424 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vect
04-10-2014 - 01:01 01-02-2013 - 19:55
CVE-2013-0401 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demo
04-10-2014 - 01:01 08-03-2013 - 13:55
CVE-2014-0892 5.0
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanis
24-04-2014 - 13:45 23-04-2014 - 15:55
CVE-2013-4649 4.3
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
13-03-2014 - 11:29 12-03-2014 - 10:55
CVE-2011-4696 4.3
Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request.
04-03-2014 - 11:01 03-03-2014 - 11:55
CVE-2011-1764 7.5
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM
20-02-2014 - 23:42 04-10-2011 - 22:56
CVE-2013-0445 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and av
11-02-2014 - 23:42 01-02-2013 - 19:55
CVE-2013-6024 4.4
The Edge Client components in F5 BIG-IP APM 10.x through 10.2.4 and 11.x before 11.5.0, BIG-IP Edge Gateway 10.1.x and 10.2.x through 10.2.4 and 11.x before 11.5.0, and FirePass 6.0.0 through 6.1.0 and 7.0.0 allow attackers to obtain sensitive inform
11-02-2014 - 10:13 10-02-2014 - 13:15
CVE-2013-5812 6.4
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
06-02-2014 - 23:50 16-10-2013 - 13:55
CVE-2013-1558 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
06-02-2014 - 23:46 17-04-2013 - 14:55
CVE-2013-3743 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AW
30-01-2014 - 00:12 18-06-2013 - 18:55
CVE-2013-3012 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availabi
30-01-2014 - 00:11 23-07-2013 - 07:03
CVE-2013-3011 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availabi
30-01-2014 - 00:11 23-07-2013 - 07:03
CVE-2013-2468 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
30-01-2014 - 00:10 18-06-2013 - 18:55
CVE-2013-2466 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
30-01-2014 - 00:10 18-06-2013 - 18:55
CVE-2013-2464 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability
30-01-2014 - 00:10 18-06-2013 - 18:55
CVE-2013-2442 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
30-01-2014 - 00:10 18-06-2013 - 18:55
CVE-2013-2437 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
30-01-2014 - 00:10 18-06-2013 - 18:55
CVE-2013-5848 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
27-01-2014 - 23:56 16-10-2013 - 13:55
CVE-2013-5843 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and ava
27-01-2014 - 23:56 16-10-2013 - 13:55
CVE-2013-5838 9.3
Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
27-01-2014 - 23:56 16-10-2013 - 13:55
CVE-2013-5801 5.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
27-01-2014 - 23:56 16-10-2013 - 13:55
CVE-2013-5788 10.0
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
27-01-2014 - 23:56 16-10-2013 - 11:55
CVE-2013-5776 5.0
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors relat
27-01-2014 - 23:56 16-10-2013 - 11:55
CVE-2013-5458 9.3
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors.
27-01-2014 - 23:55 24-11-2013 - 13:55
CVE-2013-5457 9.3
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors.
27-01-2014 - 23:55 24-11-2013 - 13:55
CVE-2013-5375 6.8
Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL.
27-01-2014 - 23:55 24-11-2013 - 13:55
CVE-2013-5372 4.3
The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML do
27-01-2014 - 23:55 19-10-2013 - 06:36
CVE-2013-4041 6.8
Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors.
27-01-2014 - 23:54 24-11-2013 - 13:55
CVE-2013-7291 1.8
memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source t
14-01-2014 - 10:28 13-01-2014 - 16:55
CVE-2013-3744 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400.
07-01-2014 - 23:39 18-06-2013 - 18:55
CVE-2013-2467 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
07-01-2014 - 23:37 18-06-2013 - 18:55
CVE-2013-2462 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
07-01-2014 - 23:37 18-06-2013 - 18:55
CVE-2013-2433 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
07-01-2014 - 23:37 17-04-2013 - 14:55
CVE-2013-2400 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-3744.
07-01-2014 - 23:37 18-06-2013 - 18:55
CVE-2013-4065 2.6
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message,
23-12-2013 - 13:19 21-12-2013 - 09:22
CVE-2013-4064 2.1
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SP
23-12-2013 - 13:18 21-12-2013 - 09:22
CVE-2013-4063 4.3
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.
23-12-2013 - 13:17 21-12-2013 - 09:22
CVE-2012-1541 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
19-12-2013 - 23:25 01-02-2013 - 19:55
CVE-2013-2440 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-2439 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integr
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-2435 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-2434 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-2432 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-2418 4.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to D
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-2394 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, i
05-12-2013 - 00:26 17-04-2013 - 14:55
CVE-2013-1563 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability
05-12-2013 - 00:24 17-04-2013 - 14:55
CVE-2013-1540 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnera
05-12-2013 - 00:24 17-04-2013 - 14:55
CVE-2013-1491 10.0
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as d
05-12-2013 - 00:24 08-03-2013 - 13:55
CVE-2013-1489 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very Hig
05-12-2013 - 00:24 31-01-2013 - 09:55
CVE-2013-1481 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknow
05-12-2013 - 00:24 01-02-2013 - 19:55
CVE-2013-1473 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
05-12-2013 - 00:24 01-02-2013 - 19:55
CVE-2013-0449 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0446 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0438 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0437 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0423 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0419 7.6
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0409 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0351 7.5
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
05-12-2013 - 00:22 01-02-2013 - 19:55
CVE-2013-0198 5.0
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this
05-12-2013 - 00:22 05-03-2013 - 16:38
CVE-2012-3411 5.0
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
05-12-2013 - 00:15 05-03-2013 - 16:38
CVE-2012-3342 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depl
05-12-2013 - 00:15 01-02-2013 - 19:55
CVE-2012-3213 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scri
05-12-2013 - 00:15 01-02-2013 - 19:55
CVE-2013-2438 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
02-11-2013 - 23:32 17-04-2013 - 14:55
CVE-2013-2428 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
02-11-2013 - 23:32 17-04-2013 - 14:55
CVE-2013-2427 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
02-11-2013 - 23:32 17-04-2013 - 14:55
CVE-2013-2425 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
02-11-2013 - 23:32 17-04-2013 - 14:55
CVE-2013-2416 4.3
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
02-11-2013 - 23:32 17-04-2013 - 14:55
CVE-2013-2414 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate
02-11-2013 - 23:32 17-04-2013 - 14:55
CVE-2013-1564 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.
02-11-2013 - 23:31 17-04-2013 - 14:55
CVE-2013-1561 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.
02-11-2013 - 23:31 17-04-2013 - 14:55
CVE-2013-1479 10.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unkn
02-11-2013 - 23:31 01-02-2013 - 19:55
CVE-2013-0448 5.0
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries.
02-11-2013 - 23:29 01-02-2013 - 19:55
CVE-2013-0430 6.9
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the inst
02-11-2013 - 23:29 01-02-2013 - 19:55
CVE-2013-0402 10.0
Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstr
02-11-2013 - 23:29 08-03-2013 - 13:55
CVE-2013-3589 4.3
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web
25-09-2013 - 13:52 24-09-2013 - 06:35
CVE-2013-4068 7.1
Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8.
23-09-2013 - 18:37 20-09-2013 - 11:26
CVE-2013-3010 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than C
22-08-2013 - 02:53 23-07-2013 - 07:03
CVE-2013-3008 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006.
22-08-2013 - 02:53 23-07-2013 - 07:03
CVE-2013-3007 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than C
22-08-2013 - 02:53 23-07-2013 - 07:03
CVE-2013-3006 9.3
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3008.
22-08-2013 - 02:53 23-07-2013 - 07:03
CVE-2006-0987 5.0
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of ser
19-08-2013 - 21:46 03-03-2006 - 06:02
CVE-2003-0616 7.5
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a faile
23-07-2013 - 01:04 27-08-2003 - 00:00
CVE-2013-0486 4.3
Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY.
04-06-2013 - 23:41 27-03-2013 - 08:23
CVE-2012-6561 4.3
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party infor
24-05-2013 - 00:00 23-05-2013 - 11:55
CVE-2012-5671 6.8
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers t
18-04-2013 - 23:26 31-10-2012 - 12:55
CVE-2013-0487 8.5
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
27-03-2013 - 10:26 27-03-2013 - 08:23
CVE-2012-6272 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage Server Administrator 6.5.0.1, 7.0.0.1, and 7.1.0.1 allow remote attackers to inject arbitrary web script or HTML via the topic parameter to html/index_main.htm in (1) help/sm/en/O
30-01-2013 - 00:00 25-01-2013 - 07:00
CVE-2012-5306 9.3
Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute a
08-10-2012 - 00:00 06-10-2012 - 18:55
CVE-2011-4329 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.ph
16-02-2012 - 23:10 28-11-2011 - 06:55
CVE-2011-4814 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/in
09-02-2012 - 00:00 13-12-2011 - 19:55
CVE-2011-1407 7.5
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
06-09-2011 - 23:15 16-05-2011 - 14:55
CVE-2006-0307 5.0
The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Sui
13-07-2011 - 00:00 18-01-2006 - 19:03
CVE-2006-0306 5.0
The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop
13-07-2011 - 00:00 18-01-2006 - 19:03
CVE-2006-3122 5.0
The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted
13-06-2011 - 00:00 09-08-2006 - 18:04
CVE-2011-1672 5.0
The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a p
20-04-2011 - 22:33 09-04-2011 - 22:55
CVE-2008-3350 5.0
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vul
07-03-2011 - 22:10 28-07-2008 - 13:41
CVE-2008-2302 4.3
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a cert
07-03-2011 - 22:08 23-05-2008 - 11:32
CVE-2008-1141 4.9
Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."
07-03-2011 - 22:06 04-03-2008 - 15:44
CVE-2008-1140 7.2
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM
07-03-2011 - 22:06 04-03-2008 - 15:44
CVE-2008-1139 7.2
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYST
07-03-2011 - 22:06 04-03-2008 - 15:44
CVE-2008-1138 4.9
DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (system crash) via a certain ZERO_MEM DLMFENC_IOCTL request to \\.\DLKPFSD_Device, aka the "ring0 link list zero" vulnerability.
07-03-2011 - 22:06 04-03-2008 - 15:44
CVE-2008-0243 7.8
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
07-03-2011 - 22:04 11-01-2008 - 21:46
CVE-2007-6426 7.8
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
07-03-2011 - 22:02 20-02-2008 - 19:44
CVE-2007-5924 4.3
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
07-03-2011 - 22:01 09-11-2007 - 21:46
CVE-2007-4470 9.3
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecifie
07-03-2011 - 21:58 10-09-2007 - 13:17
CVE-2007-3510 9.0
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
07-03-2011 - 21:56 29-10-2007 - 17:46
CVE-2007-1005 7.8
Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length val
07-03-2011 - 21:51 02-03-2007 - 16:18
CVE-2006-5714 5.0
Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.
07-03-2011 - 21:43 03-11-2006 - 20:07
CVE-2006-5156 10.0
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
07-03-2011 - 21:42 05-10-2006 - 00:04
CVE-2006-2496 10.0
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
07-03-2011 - 21:36 19-05-2006 - 23:02
CVE-2006-2072 5.0
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trig
07-03-2011 - 21:35 27-04-2006 - 18:02
CVE-2005-2554 2.1
The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root direct
07-03-2011 - 21:24 12-08-2005 - 00:00
CVE-2004-2486 7.5
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
07-03-2011 - 21:18 31-12-2004 - 00:00
CVE-2011-0017 6.9
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
01-03-2011 - 02:08 01-02-2011 - 20:00
CVE-2009-4269 2.1
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easie
26-01-2011 - 01:41 16-08-2010 - 16:00
CVE-2005-0021 7.2
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function,
21-08-2010 - 00:25 02-05-2005 - 00:00
CVE-2009-4655 7.5
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
28-04-2010 - 01:44 26-02-2010 - 13:30
CVE-2009-4473 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1
06-01-2010 - 00:00 30-12-2009 - 16:30
CVE-2009-4211 9.3
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) v
07-12-2009 - 00:00 04-12-2009 - 17:30
CVE-2009-1119 10.0
Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.
18-04-2009 - 00:00 15-04-2009 - 15:30
CVE-2007-5209 9.3
Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. NOTE: the provenance of this information is unknown; the details are obtained solel
15-11-2008 - 02:00 04-10-2007 - 19:17
CVE-2004-0833 7.5
Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.
10-09-2008 - 15:27 23-12-2004 - 00:00
CVE-2003-0149 7.5
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters.
10-09-2008 - 15:18 27-08-2003 - 00:00
CVE-2003-0148 7.2
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from
10-09-2008 - 15:18 27-08-2003 - 00:00
CVE-2001-1311 7.5
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
10-09-2008 - 15:10 16-07-2001 - 00:00
CVE-2001-0183 7.5
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.
10-09-2008 - 15:07 26-03-2001 - 00:00
CVE-2005-2551 7.5
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
05-09-2008 - 16:52 12-08-2005 - 00:00
CVE-2005-1516 7.5
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
05-09-2008 - 16:49 11-05-2005 - 00:00
CVE-2005-0861 7.5
Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays."
05-09-2008 - 16:47 02-05-2005 - 00:00
CVE-2004-0789 5.0
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to ca
05-09-2008 - 16:39 31-12-2004 - 00:00
CVE-2002-0690 10.0
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.
05-09-2008 - 16:28 11-04-2003 - 00:00
CVE-2001-0009 5.0
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
05-09-2008 - 16:23 12-02-2001 - 00:00
Back to Top Mark selected
Back to Top