Max CVSS 10.0 Min CVSS 3.5 Total Count34
IDCVSSSummaryLast (major) updatePublished
CVE-2015-8771 7.5
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
01-03-2017 - 21:59 13-02-2017 - 13:59
CVE-2014-9674 7.5
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based bu
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2016-1572 4.6
mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.
07-12-2016 - 13:32 22-01-2016 - 10:59
CVE-2016-1499 7.5
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to in
07-12-2016 - 13:32 08-01-2016 - 16:59
CVE-2015-8659 10.0
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
07-12-2016 - 13:29 12-01-2016 - 14:59
CVE-2015-8397 6.4
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application
07-12-2016 - 13:27 12-01-2016 - 15:59
CVE-2015-8396 10.0
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM
07-12-2016 - 13:27 12-01-2016 - 15:59
CVE-2016-1983 5.0
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
05-12-2016 - 22:07 27-01-2016 - 15:59
CVE-2016-1982 5.0
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
05-12-2016 - 22:07 27-01-2016 - 15:59
CVE-2016-0756 5.0
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name th
05-12-2016 - 22:05 29-01-2016 - 15:59
CVE-2016-0753 5.0
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted para
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0752 5.0
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unre
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0751 5.0
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0747 5.0
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
05-12-2016 - 22:05 15-02-2016 - 14:59
CVE-2016-0746 7.5
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response relate
05-12-2016 - 22:05 15-02-2016 - 14:59
CVE-2016-0742 5.0
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
05-12-2016 - 22:05 15-02-2016 - 14:59
CVE-2015-8783 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8782 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8781 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8748 5.0
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
05-12-2016 - 22:04 03-02-2016 - 13:59
CVE-2015-8747 7.5
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
05-12-2016 - 22:04 03-02-2016 - 13:59
CVE-2015-7581 5.0
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an app
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7577 5.0
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy o
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7576 4.3
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-3227 5.0
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
05-12-2016 - 21:59 26-07-2015 - 18:59
CVE-2015-3226 4.3
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled du
05-12-2016 - 21:59 26-07-2015 - 18:59
CVE-2014-9687 5.0
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
05-12-2016 - 21:59 16-03-2015 - 10:59
CVE-2016-1714 6.9
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-o
02-12-2016 - 22:22 07-04-2016 - 15:59
CVE-2015-8784 4.3
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
02-12-2016 - 22:14 13-04-2016 - 13:59
CVE-2015-7552 9.3
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
29-11-2016 - 22:02 18-04-2016 - 10:59
CVE-2016-2041 5.0
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-2039 5.0
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-1500 3.5
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the
11-01-2016 - 21:51 08-01-2016 - 16:59
CVE-2016-1498 4.3
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unsp
11-01-2016 - 21:50 08-01-2016 - 16:59
Back to Top Mark selected
Back to Top