Max CVSS 10.0 Min CVSS 1.9 Total Count28
IDCVSSSummaryLast (major) updatePublished
CVE-2016-0800 4.3
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote
09-05-2017 - 21:29 01-03-2016 - 15:59
CVE-2016-0799 10.0
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have uns
09-05-2017 - 21:29 03-03-2016 - 15:59
CVE-2016-0798 7.8
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related
09-05-2017 - 21:29 03-03-2016 - 15:59
CVE-2016-0797 5.0
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit stri
09-05-2017 - 21:29 03-03-2016 - 15:59
CVE-2016-0705 10.0
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other imp
09-05-2017 - 21:29 03-03-2016 - 15:59
CVE-2016-0702 1.9
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discov
09-05-2017 - 21:29 03-03-2016 - 15:59
CVE-2015-8035 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
07-12-2016 - 13:26 18-11-2015 - 11:59
CVE-2016-3186 5.0
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
02-12-2016 - 22:26 19-04-2016 - 10:59
CVE-2016-3074 7.5
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflo
02-12-2016 - 22:26 26-04-2016 - 10:59
CVE-2016-1659 10.0
Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1658 4.3
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1657 4.3
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar v
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1656 5.0
The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors.
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1655 6.8
Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted e
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1654 4.3
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
02-12-2016 - 22:22 18-04-2016 - 06:59
CVE-2016-1653 9.3
The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that tri
02-12-2016 - 22:21 18-04-2016 - 06:59
CVE-2016-1652 4.3
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script o
02-12-2016 - 22:21 18-04-2016 - 06:59
CVE-2016-1651 5.8
fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory
02-12-2016 - 22:21 18-04-2016 - 06:59
CVE-2016-4024 7.5
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
30-11-2016 - 22:10 13-05-2016 - 12:59
CVE-2016-3994 6.4
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
30-11-2016 - 22:10 13-05-2016 - 12:59
CVE-2016-3993 5.0
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
30-11-2016 - 22:10 13-05-2016 - 12:59
CVE-2015-8852 5.0
Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction
30-11-2016 - 22:01 25-04-2016 - 10:59
CVE-2015-8325 7.2
The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted
30-11-2016 - 22:01 30-04-2016 - 21:59
CVE-2015-7995 5.0
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
30-11-2016 - 22:01 17-11-2015 - 10:59
CVE-2014-9771 5.0
Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
30-11-2016 - 21:59 13-05-2016 - 12:59
CVE-2011-5326 5.0
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
30-11-2016 - 21:59 13-05-2016 - 12:59
CVE-2016-3961 2.1
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
28-11-2016 - 15:14 15-04-2016 - 10:59
CVE-2016-3955 10.0
The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a US
28-11-2016 - 15:14 03-07-2016 - 17:59
Back to Top Mark selected
Back to Top