Max CVSS 10.0 Min CVSS 1.9 Total Count66
IDCVSSSummaryLast (major) updatePublished
CVE-2016-7976 6.8
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2016-7979 7.5
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2016-7978 7.5
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2016-7977 4.3
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.
23-05-2017 - 00:29 23-05-2017 - 00:29
CVE-2013-5653 4.3
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
08-03-2017 - 21:59 07-03-2017 - 10:59
CVE-2016-1245 7.5
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BU
02-03-2017 - 10:54 22-02-2017 - 18:59
CVE-2016-8568 4.3
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.
07-02-2017 - 16:45 03-02-2017 - 10:59
CVE-2016-8569 4.3
The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.
07-02-2017 - 15:35 03-02-2017 - 10:59
CVE-2016-6911 4.3
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
31-01-2017 - 21:59 26-01-2017 - 10:59
CVE-2016-8606 7.5
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
18-01-2017 - 11:27 12-01-2017 - 17:59
CVE-2016-8605 5.0
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mod
18-01-2017 - 10:59 12-01-2017 - 17:59
CVE-2016-8860 5.0
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote a
17-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-8670 7.5
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer ov
06-01-2017 - 22:00 04-01-2017 - 15:59
CVE-2016-8576 1.9
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-7995 2.1
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7908 2.1
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU
06-01-2017 - 22:00 05-10-2016 - 12:59
CVE-2016-7466 2.1
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7422 2.1
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7170 2.1
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7161 10.0
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
06-01-2017 - 22:00 05-10-2016 - 12:59
CVE-2016-5597 4.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
06-01-2017 - 22:00 25-10-2016 - 10:31
CVE-2016-5582 9.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.
06-01-2017 - 22:00 25-10-2016 - 10:30
CVE-2016-5573 6.8
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.
06-01-2017 - 22:00 25-10-2016 - 10:30
CVE-2016-5556 9.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
06-01-2017 - 22:00 25-10-2016 - 10:30
CVE-2016-5554 4.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.
06-01-2017 - 22:00 25-10-2016 - 10:30
CVE-2016-5542 4.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.
06-01-2017 - 22:00 25-10-2016 - 10:30
CVE-2016-7502 6.8
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
03-01-2017 - 15:03 23-12-2016 - 00:59
CVE-2016-7562 4.3
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
03-01-2017 - 15:03 23-12-2016 - 00:59
CVE-2016-7555 4.3
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
03-01-2017 - 15:03 23-12-2016 - 00:59
CVE-2016-7905 4.3
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
03-01-2017 - 15:02 23-12-2016 - 00:59
CVE-2016-7785 4.3
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
03-01-2017 - 14:58 23-12-2016 - 00:59
CVE-2016-7966 7.5
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which gre
27-12-2016 - 13:42 23-12-2016 - 17:59
CVE-2016-5187 4.3
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
22-12-2016 - 11:05 17-12-2016 - 22:59
CVE-2016-5183 6.8
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
22-12-2016 - 11:04 17-12-2016 - 22:59
CVE-2016-5188 4.3
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
22-12-2016 - 10:52 17-12-2016 - 22:59
CVE-2016-5193 4.3
Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages.
20-12-2016 - 10:13 17-12-2016 - 22:59
CVE-2016-5191 4.3
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML p
20-12-2016 - 09:49 17-12-2016 - 22:59
CVE-2016-5190 6.8
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
20-12-2016 - 09:42 17-12-2016 - 22:59
CVE-2016-5181 4.3
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (U
20-12-2016 - 07:56 17-12-2016 - 22:59
CVE-2016-5189 4.3
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pa
20-12-2016 - 07:50 17-12-2016 - 22:59
CVE-2016-5185 6.8
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read v
20-12-2016 - 07:46 17-12-2016 - 22:59
CVE-2016-5192 4.3
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
20-12-2016 - 07:29 17-12-2016 - 22:59
CVE-2016-5186 6.8
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
20-12-2016 - 07:23 17-12-2016 - 22:59
CVE-2016-5184 6.8
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption v
20-12-2016 - 07:14 17-12-2016 - 22:59
CVE-2016-5182 6.8
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
20-12-2016 - 07:09 17-12-2016 - 22:59
CVE-2016-7950 7.5
The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.
14-12-2016 - 21:52 13-12-2016 - 15:59
CVE-2016-7949 7.5
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
14-12-2016 - 21:49 13-12-2016 - 15:59
CVE-2016-6490 2.1
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
12-12-2016 - 14:50 09-12-2016 - 19:59
CVE-2016-6833 2.1
Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device i
12-12-2016 - 14:22 09-12-2016 - 19:59
CVE-2016-7156 2.1
The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging an incorrect cast.
12-12-2016 - 14:05 09-12-2016 - 19:59
CVE-2015-7554 7.5
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
07-12-2016 - 13:24 08-01-2016 - 14:59
CVE-2016-5615 2.1
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.
28-11-2016 - 15:28 25-10-2016 - 10:31
CVE-2016-5606 5.6
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.
28-11-2016 - 15:27 25-10-2016 - 10:31
CVE-2016-5576 4.9
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5568 9.3
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5566 5.0
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5561 2.6
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5559 4.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5553 4.7
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5544 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5487 4.6
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
28-11-2016 - 15:26 25-10-2016 - 10:29
CVE-2016-5480 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.
28-11-2016 - 15:26 25-10-2016 - 10:29
CVE-2016-4470 4.9
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a craft
28-11-2016 - 15:18 27-06-2016 - 06:59
CVE-2015-8935 4.3
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XS
28-11-2016 - 14:50 07-08-2016 - 06:59
CVE-2016-6351 7.2
The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) or execut
08-09-2016 - 09:44 07-09-2016 - 14:59
CVE-2010-3981 4.3
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
03-11-2010 - 02:00 18-10-2010 - 13:00
Back to Top Mark selected
Back to Top