Max CVSS 9.3 Min CVSS 1.9 Total Count164
IDCVSSSummaryLast (major) updatePublished
CVE-2016-8635 4.3
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g
01-08-2018 - 09:29 01-08-2018 - 09:29
CVE-2016-9066 5.0
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9064 4.3
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5297 7.5
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5296 5.0
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5291 4.9
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5290 7.5
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-6796 5.0
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for t
10-08-2017 - 22:29 10-08-2017 - 22:29
CVE-2016-6797 5.0
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked
10-08-2017 - 18:29 10-08-2017 - 18:29
CVE-2016-6794 5.0
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2016-5018 5.0
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applica
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2016-0762 4.3
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attac
10-08-2017 - 12:29 10-08-2017 - 12:29
CVE-2014-9831 6.8
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2014-9830 6.8
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2014-9828 6.8
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
07-08-2017 - 16:29 07-08-2017 - 16:29
CVE-2016-7539 7.8
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
25-07-2017 - 10:29 25-07-2017 - 10:29
CVE-2016-8638 6.4
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenti
12-07-2017 - 09:29 12-07-2017 - 09:29
CVE-2016-5416 5.0
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the
08-06-2017 - 15:29 08-06-2017 - 15:29
CVE-2016-5405 5.0
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain u
08-06-2017 - 15:29 08-06-2017 - 15:29
CVE-2016-4992 5.0
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer th
08-06-2017 - 15:29 08-06-2017 - 15:29
CVE-2016-9311 7.1
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-9310 6.4
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7434 5.0
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7433 5.0
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7431 5.0
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7429 4.3
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7428 3.3
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7427 3.3
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7426 4.3
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses wit
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
09-05-2017 - 21:29 31-08-2016 - 20:59
CVE-2014-8354 4.3
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
09-05-2017 - 08:40 11-04-2017 - 15:59
CVE-2014-9829 4.3
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
09-05-2017 - 08:40 05-04-2017 - 13:59
CVE-2014-9837 4.3
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
09-05-2017 - 08:40 11-04-2017 - 15:59
CVE-2014-9907 4.3
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
09-05-2017 - 08:40 19-04-2017 - 10:59
CVE-2015-8957 4.3
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2015-8958 4.3
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2015-8959 7.1
coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2016-5010 4.3
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2016-7513 4.3
Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2016-7514 4.3
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2016-7515 4.3
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
09-05-2017 - 08:40 19-04-2017 - 10:59
CVE-2016-7516 4.3
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted VIFF file.
09-05-2017 - 08:40 20-04-2017 - 14:59
CVE-2016-7517 4.3
The EncodeImage function in coders/pict.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PICT file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7518 4.3
The ReadSUNImage function in coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SUN file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7519 4.3
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7520 4.3
Heap-based buffer overflow in coders/hdr.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted HDR file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7521 4.3
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7522 4.3
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7525 4.3
Heap-based buffer overflow in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7526 4.3
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7527 4.3
coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7528 4.3
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7529 4.3
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7530 4.3
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7531 4.3
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7532 4.3
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7533 4.3
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
09-05-2017 - 08:39 19-04-2017 - 10:59
CVE-2016-7534 4.3
The generic decoder in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-7535 4.3
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PSD file.
09-05-2017 - 08:38 20-04-2017 - 14:59
CVE-2016-7536 4.3
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.
09-05-2017 - 08:38 20-04-2017 - 14:59
CVE-2016-7537 4.3
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
09-05-2017 - 08:37 19-04-2017 - 10:59
CVE-2016-7538 4.3
coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.
09-05-2017 - 08:36 20-04-2017 - 14:59
CVE-2016-7540 4.3
coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format.
08-05-2017 - 15:34 20-04-2017 - 14:59
CVE-2014-8355 4.3
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 14:18 11-04-2017 - 15:59
CVE-2014-8716 2.1
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
17-04-2017 - 09:00 11-04-2017 - 15:59
CVE-2014-8562 4.3
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 08:52 11-04-2017 - 15:59
CVE-2014-9823 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
06-04-2017 - 09:13 30-03-2017 - 11:59
CVE-2016-9243 5.0
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
04-04-2017 - 12:00 27-03-2017 - 13:59
CVE-2014-9822 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
04-04-2017 - 11:45 30-03-2017 - 11:59
CVE-2014-9821 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
04-04-2017 - 11:45 30-03-2017 - 11:59
CVE-2014-9820 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
04-04-2017 - 11:44 30-03-2017 - 11:59
CVE-2014-9819 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
04-04-2017 - 11:44 30-03-2017 - 11:59
CVE-2014-9818 4.3
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
04-04-2017 - 11:43 30-03-2017 - 11:59
CVE-2014-9817 6.8
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
04-04-2017 - 11:42 30-03-2017 - 11:59
CVE-2014-9816 4.3
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.
04-04-2017 - 11:41 30-03-2017 - 11:59
CVE-2014-9814 4.3
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
04-04-2017 - 11:40 30-03-2017 - 11:59
CVE-2014-9813 4.3
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
04-04-2017 - 11:40 30-03-2017 - 11:59
CVE-2014-9815 4.3
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
04-04-2017 - 11:37 30-03-2017 - 11:59
CVE-2014-9812 4.3
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
04-04-2017 - 11:36 30-03-2017 - 11:59
CVE-2014-9811 4.3
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file.
04-04-2017 - 11:36 30-03-2017 - 11:59
CVE-2014-9810 4.3
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
04-04-2017 - 11:35 30-03-2017 - 11:59
CVE-2014-9809 4.3
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
04-04-2017 - 11:35 30-03-2017 - 11:59
CVE-2014-9808 4.3
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
04-04-2017 - 11:34 30-03-2017 - 11:59
CVE-2014-9807 4.3
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
04-04-2017 - 11:34 30-03-2017 - 11:59
CVE-2014-9806 4.3
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
04-04-2017 - 11:33 30-03-2017 - 11:59
CVE-2014-9805 4.3
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
04-04-2017 - 11:31 30-03-2017 - 11:59
CVE-2014-9826 7.5
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
04-04-2017 - 11:09 30-03-2017 - 11:59
CVE-2014-9840 4.3
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
24-03-2017 - 08:46 22-03-2017 - 10:59
CVE-2014-9839 5.0
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
24-03-2017 - 08:40 22-03-2017 - 10:59
CVE-2014-9838 4.3
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
24-03-2017 - 08:40 22-03-2017 - 10:59
CVE-2014-9836 4.3
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
24-03-2017 - 08:39 22-03-2017 - 10:59
CVE-2014-9835 6.8
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
24-03-2017 - 08:39 22-03-2017 - 10:59
CVE-2014-9834 6.8
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
24-03-2017 - 08:39 22-03-2017 - 10:59
CVE-2014-9833 6.8
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
24-03-2017 - 08:39 22-03-2017 - 10:59
CVE-2014-9847 7.5
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
22-03-2017 - 15:03 20-03-2017 - 12:59
CVE-2014-9846 7.5
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
22-03-2017 - 15:03 20-03-2017 - 12:59
CVE-2014-9845 4.3
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
22-03-2017 - 15:02 20-03-2017 - 12:59
CVE-2014-9844 4.3
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
22-03-2017 - 15:01 20-03-2017 - 12:59
CVE-2014-9841 7.5
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
22-03-2017 - 15:01 20-03-2017 - 12:59
CVE-2014-9848 5.0
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
22-03-2017 - 13:23 20-03-2017 - 12:59
CVE-2014-9850 5.0
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
22-03-2017 - 13:23 20-03-2017 - 12:59
CVE-2014-9849 5.0
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
22-03-2017 - 13:22 20-03-2017 - 12:59
CVE-2014-9843 7.5
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
22-03-2017 - 13:22 20-03-2017 - 12:59
CVE-2014-9851 5.0
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
22-03-2017 - 13:16 20-03-2017 - 12:59
CVE-2014-9854 5.0
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
21-03-2017 - 09:17 17-03-2017 - 10:59
CVE-2014-9853 4.3
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
21-03-2017 - 09:16 17-03-2017 - 10:59
CVE-2015-8898 4.3
The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file.
17-03-2017 - 08:25 15-03-2017 - 15:59
CVE-2015-8897 4.3
The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file.
17-03-2017 - 08:25 15-03-2017 - 15:59
CVE-2015-8896 4.3
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
17-03-2017 - 08:23 15-03-2017 - 15:59
CVE-2015-8895 5.0
Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow.
17-03-2017 - 08:23 15-03-2017 - 15:59
CVE-2015-8894 4.3
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
17-03-2017 - 08:22 15-03-2017 - 15:59
CVE-2016-2182 7.5
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified ot
07-03-2017 - 21:59 16-09-2016 - 01:59
CVE-2015-8903 4.3
The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.
28-02-2017 - 13:52 27-02-2017 - 17:59
CVE-2015-8901 4.3
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.
28-02-2017 - 13:50 27-02-2017 - 17:59
CVE-2015-8902 4.3
The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.
28-02-2017 - 13:50 27-02-2017 - 17:59
CVE-2015-8900 4.3
The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file.
28-02-2017 - 13:11 27-02-2017 - 17:59
CVE-2016-2178 2.1
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-2177 7.5
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-6302 5.0
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
23-02-2017 - 14:22 16-09-2016 - 01:59
CVE-2016-2181 5.0
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops
23-02-2017 - 14:12 16-09-2016 - 01:59
CVE-2016-2180 5.0
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application cra
23-02-2017 - 14:11 31-07-2016 - 22:59
CVE-2016-2179 5.0
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many
23-02-2017 - 14:10 16-09-2016 - 01:59
CVE-2016-6303 7.5
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vect
23-02-2017 - 12:40 16-09-2016 - 01:59
CVE-2016-9312 5.0
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
10-02-2017 - 21:59 13-01-2017 - 11:59
CVE-2016-7052 5.0
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6304 7.8
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-7101 4.3
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
23-01-2017 - 14:53 18-01-2017 - 12:59
CVE-2016-6823 5.0
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write.
23-01-2017 - 14:53 18-01-2017 - 12:59
CVE-2016-4794 7.2
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
17-01-2017 - 21:59 23-05-2016 - 06:59
CVE-2016-9375 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
10-01-2017 - 23:13 17-11-2016 - 00:59
CVE-2016-9376 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length valu
10-01-2017 - 23:13 17-11-2016 - 00:59
CVE-2016-9374 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable prope
10-01-2017 - 22:00 17-11-2016 - 00:59
CVE-2016-9137 7.5
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data
10-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-9373 4.3
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss
10-01-2017 - 21:59 17-11-2016 - 00:59
CVE-2016-9451 4.9
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
06-01-2017 - 22:00 25-11-2016 - 13:59
CVE-2016-9449 4.0
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
06-01-2017 - 22:00 25-11-2016 - 13:59
CVE-2016-6321 5.0
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the
06-01-2017 - 22:00 09-12-2016 - 17:59
CVE-2016-6491 6.8
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
16-12-2016 - 15:04 13-12-2016 - 10:59
CVE-2016-5687 7.5
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
16-12-2016 - 11:54 13-12-2016 - 10:59
CVE-2016-5688 6.8
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer ov
16-12-2016 - 11:38 13-12-2016 - 10:59
CVE-2016-5689 7.5
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks.
16-12-2016 - 11:37 13-12-2016 - 10:59
CVE-2016-5691 7.5
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue.
16-12-2016 - 11:36 13-12-2016 - 10:59
CVE-2016-5690 7.5
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing the pixel scaling table.
16-12-2016 - 09:14 13-12-2016 - 10:59
CVE-2016-5841 7.5
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
14-12-2016 - 22:02 13-12-2016 - 10:59
CVE-2016-5842 5.0
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
14-12-2016 - 21:59 13-12-2016 - 10:59
CVE-2016-8645 4.9
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_
02-12-2016 - 22:27 27-11-2016 - 22:59
CVE-2016-2143 6.9
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted appli
02-12-2016 - 22:24 27-04-2016 - 13:59
CVE-2016-6480 4.7
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fe
28-11-2016 - 15:33 06-08-2016 - 16:59
CVE-2016-6327 4.9
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
28-11-2016 - 15:31 16-10-2016 - 17:59
CVE-2016-6136 1.9
Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "doubl
28-11-2016 - 15:30 06-08-2016 - 16:59
CVE-2016-4578 2.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_t
28-11-2016 - 15:19 23-05-2016 - 06:59
CVE-2016-4569 2.1
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer
28-11-2016 - 15:18 23-05-2016 - 06:59
CVE-2016-3070 4.6
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash)
28-11-2016 - 15:06 06-08-2016 - 16:59
CVE-2016-2834 9.3
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
28-11-2016 - 15:05 13-06-2016 - 06:59
CVE-2016-2053 4.7
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function
28-11-2016 - 15:02 02-05-2016 - 06:59
CVE-2016-1583 7.2
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames
28-11-2016 - 15:00 27-06-2016 - 06:59
CVE-2015-8956 3.6
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluet
28-11-2016 - 14:50 10-10-2016 - 06:59
CVE-2015-6393 7.8
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay
28-11-2016 - 14:38 06-10-2016 - 06:59
CVE-2015-6392 7.8
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (
28-11-2016 - 14:38 05-10-2016 - 21:59
CVE-2016-3699 6.9
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables t
11-10-2016 - 08:13 07-10-2016 - 10:59
CVE-2016-4564 7.5
The DrawImage function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 makes an incorrect function call in attempting to locate the next token, which allows remote attackers to cause a denial of service (buffer overflow and
22-09-2016 - 22:00 04-06-2016 - 12:59
CVE-2016-4563 6.8
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service
22-09-2016 - 22:00 04-06-2016 - 12:59
CVE-2016-4562 6.8
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and applicati
22-09-2016 - 22:00 04-06-2016 - 12:59
Back to Top Mark selected
Back to Top