Max CVSS 10.0 Min CVSS 2.1 Total Count50
IDCVSSSummaryLast (major) updatePublished
CVE-2015-8345 2.1
The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list.
20-04-2017 - 09:43 13-04-2017 - 13:59
CVE-2016-0024 9.3
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability."
23-03-2017 - 21:59 13-01-2016 - 00:59
CVE-2015-8607 7.5
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted st
31-01-2017 - 21:59 13-01-2016 - 10:59
CVE-2015-5330 5.0
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending craft
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5299 5.0
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote att
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5296 4.3
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-s
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5252 5.0
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points o
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-3223 5.0
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a deni
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-2632 5.0
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
23-12-2016 - 21:59 16-07-2015 - 06:59
CVE-2015-4472 6.8
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
21-12-2016 - 21:59 11-06-2015 - 10:59
CVE-2015-1819 5.0
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
21-12-2016 - 21:59 14-08-2015 - 14:59
CVE-2016-0035 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office doc
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0034 9.3
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime R
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0012 4.3
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1,
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0011 3.5
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft Share
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0010 9.3
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Mac, Word 2016 for Mac, and Word Viewer allow remote
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0007 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0006 6.9
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, wh
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0005 4.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0003 9.3
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2016-0002 7.6
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption
07-12-2016 - 13:30 13-01-2016 - 00:59
CVE-2015-8664 7.5
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel arra
07-12-2016 - 13:29 23-12-2015 - 22:59
CVE-2015-8548 10.0
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478.
07-12-2016 - 13:28 14-12-2015 - 06:59
CVE-2015-8317 5.0
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds
07-12-2016 - 13:26 15-12-2015 - 16:59
CVE-2015-8242 5.8
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati
07-12-2016 - 13:26 15-12-2015 - 16:59
CVE-2015-8241 6.4
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat
07-12-2016 - 13:26 15-12-2015 - 16:59
CVE-2015-8126 7.5
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a den
07-12-2016 - 13:26 12-11-2015 - 22:59
CVE-2015-8035 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
07-12-2016 - 13:26 18-11-2015 - 11:59
CVE-2015-8025 2.1
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
07-12-2016 - 13:25 10-11-2015 - 12:59
CVE-2015-7942 6.8
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via
07-12-2016 - 13:25 18-11-2015 - 11:59
CVE-2015-7941 4.3
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect
07-12-2016 - 13:25 18-11-2015 - 11:59
CVE-2015-7500 5.0
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
07-12-2016 - 13:24 15-12-2015 - 16:59
CVE-2015-7499 5.0
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
07-12-2016 - 13:24 15-12-2015 - 16:59
CVE-2015-7498 5.0
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
07-12-2016 - 13:24 15-12-2015 - 16:59
CVE-2015-7497 5.0
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
07-12-2016 - 13:24 15-12-2015 - 16:59
CVE-2015-6791 10.0
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
07-12-2016 - 13:21 14-12-2015 - 06:59
CVE-2015-6790 4.3
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary
07-12-2016 - 13:21 14-12-2015 - 06:59
CVE-2015-6789 9.3
Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated
07-12-2016 - 13:21 14-12-2015 - 06:59
CVE-2015-6117 4.3
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft Share
07-12-2016 - 13:18 13-01-2016 - 00:59
CVE-2015-5602 7.2
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
07-12-2016 - 13:17 17-11-2015 - 10:59
CVE-2015-5312 7.1
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab
07-12-2016 - 13:16 15-12-2015 - 16:59
CVE-2014-9732 4.3
The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer deref
28-11-2016 - 14:14 11-06-2015 - 10:59
CVE-2014-8602 4.3
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
28-11-2016 - 14:13 10-12-2014 - 21:59
CVE-2015-7512 6.8
Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.
11-10-2016 - 22:01 08-01-2016 - 16:59
CVE-2015-4467 4.3
The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.
27-06-2016 - 10:31 11-06-2015 - 10:59
CVE-2015-4470 4.3
Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.
09-06-2016 - 17:40 11-06-2015 - 10:59
CVE-2015-4469 4.3
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
09-06-2016 - 17:30 11-06-2015 - 10:59
CVE-2015-4471 4.3
Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.
09-06-2016 - 17:28 11-06-2015 - 10:59
CVE-2015-4468 4.3
Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
09-06-2016 - 17:28 11-06-2015 - 10:59
CVE-2012-1192 6.4
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a
20-02-2012 - 00:00 17-02-2012 - 17:55
Back to Top Mark selected
Back to Top