Max CVSS 10.0 Min CVSS 1.9 Total Count166
IDCVSSSummaryLast (major) updatePublished
CVE-2016-2123 6.5
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database.
01-11-2018 - 09:29 01-11-2018 - 09:29
CVE-2016-2125 3.3
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to othe
31-10-2018 - 16:29 31-10-2018 - 16:29
CVE-2016-9580 6.8
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.
01-08-2018 - 12:29 01-08-2018 - 12:29
CVE-2016-9572 4.3
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processi
01-08-2018 - 12:29 01-08-2018 - 12:29
CVE-2016-9581 6.8
An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.
01-08-2018 - 10:29 01-08-2018 - 10:29
CVE-2016-9573 5.8
An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2016-9074 4.3
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9594 6.8
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
23-04-2018 - 15:29 23-04-2018 - 15:29
CVE-2016-8743 5.0
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in
27-07-2017 - 17:29 27-07-2017 - 17:29
CVE-2016-2161 5.0
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.
27-07-2017 - 17:29 27-07-2017 - 17:29
CVE-2016-0736 5.0
In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated en
27-07-2017 - 17:29 27-07-2017 - 17:29
CVE-2016-9961 10.0
game-music-emu before 0.6.1 mishandles unspecified integer values.
06-06-2017 - 14:29 06-06-2017 - 14:29
CVE-2016-9960 2.1
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
06-06-2017 - 14:29 06-06-2017 - 14:29
CVE-2016-2126 4.0
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerbero
11-05-2017 - 10:29 11-05-2017 - 10:29
CVE-2016-9311 7.1
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-9310 6.4
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-8740 5.0
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via cr
09-05-2017 - 21:29 05-12-2016 - 14:59
CVE-2016-7434 5.0
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7433 5.0
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7431 5.0
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7428 3.3
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7427 3.3
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-7426 4.3
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses wit
09-05-2017 - 21:29 13-01-2017 - 11:59
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
09-05-2017 - 21:29 31-08-2016 - 20:59
CVE-2016-7530 4.3
The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file.
09-05-2017 - 08:39 20-04-2017 - 14:59
CVE-2016-9958 6.8
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
20-04-2017 - 08:47 12-04-2017 - 16:59
CVE-2016-9957 6.8
Stack-based buffer overflow in game-music-emu before 0.6.1.
20-04-2017 - 08:45 12-04-2017 - 16:59
CVE-2016-9959 6.8
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
20-04-2017 - 08:26 12-04-2017 - 16:59
CVE-2016-9922 2.1
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors invol
31-03-2017 - 12:38 27-03-2017 - 11:59
CVE-2016-8866 6.8
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because
27-03-2017 - 21:59 15-02-2017 - 14:59
CVE-2016-8862 6.8
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
27-03-2017 - 21:59 15-02-2017 - 14:59
CVE-2016-9556 4.3
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
24-03-2017 - 11:09 23-03-2017 - 14:59
CVE-2016-7800 5.0
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.
23-03-2017 - 21:59 06-02-2017 - 12:59
CVE-2014-9848 5.0
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
22-03-2017 - 13:23 20-03-2017 - 12:59
CVE-2016-5387 5.1
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app
20-03-2017 - 21:59 18-07-2016 - 22:00
CVE-2016-6210 4.3
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference be
09-03-2017 - 11:51 13-02-2017 - 12:59
CVE-2016-9794 7.2
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafte
08-03-2017 - 13:11 28-12-2016 - 02:59
CVE-2016-8655 7.2
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet
07-03-2017 - 21:59 08-12-2016 - 03:59
CVE-2016-9559 4.3
coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image.
02-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2016-0718 7.5
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
02-03-2017 - 21:59 26-05-2016 - 12:59
CVE-2016-9132 7.5
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which
02-03-2017 - 10:47 30-01-2017 - 17:59
CVE-2016-9830 4.3
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
02-03-2017 - 10:35 01-03-2017 - 15:59
CVE-2016-5240 4.3
The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.
28-02-2017 - 14:04 27-02-2017 - 17:59
CVE-2016-9817 4.9
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
28-02-2017 - 10:11 27-02-2017 - 17:59
CVE-2016-9816 4.9
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
28-02-2017 - 10:03 27-02-2017 - 17:59
CVE-2016-9818 4.9
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
28-02-2017 - 09:54 27-02-2017 - 17:59
CVE-2016-9815 4.9
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
28-02-2017 - 09:53 27-02-2017 - 17:59
CVE-2016-10003 5.0
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
27-02-2017 - 21:37 27-01-2017 - 12:59
CVE-2016-10002 5.0
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack req
27-02-2017 - 21:36 27-01-2017 - 12:59
CVE-2016-2178 2.1
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-2177 7.5
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-9773 4.3
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists bec
23-02-2017 - 11:09 16-02-2017 - 21:59
CVE-2016-9637 3.7
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
23-02-2017 - 11:07 16-02-2017 - 21:59
CVE-2016-8682 5.0
The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header.
17-02-2017 - 09:30 15-02-2017 - 14:59
CVE-2016-8684 6.8
The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
17-02-2017 - 09:22 15-02-2017 - 14:59
CVE-2016-8683 6.8
The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."
17-02-2017 - 09:02 15-02-2017 - 14:59
CVE-2016-9963 2.6
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
15-02-2017 - 07:47 01-02-2017 - 10:59
CVE-2016-9939 5.0
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then t
07-02-2017 - 16:42 30-01-2017 - 16:59
CVE-2016-2317 4.3
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTr
07-02-2017 - 16:39 03-02-2017 - 10:59
CVE-2016-2318 4.3
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath
07-02-2017 - 14:19 03-02-2017 - 10:59
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6304 7.8
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-9932 2.1
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
27-01-2017 - 11:08 26-01-2017 - 10:59
CVE-2016-9381 6.9
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
26-01-2017 - 09:42 23-01-2017 - 16:59
CVE-2016-9382 4.6
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switchi
26-01-2017 - 09:39 23-01-2017 - 16:59
CVE-2016-9386 4.6
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
26-01-2017 - 09:38 23-01-2017 - 16:59
CVE-2016-9379 4.6
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration
26-01-2017 - 09:31 23-01-2017 - 16:59
CVE-2016-9380 4.6
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
26-01-2017 - 09:31 23-01-2017 - 16:59
CVE-2016-9383 7.2
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emu
26-01-2017 - 08:52 23-01-2017 - 16:59
CVE-2016-10033 7.5
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
25-01-2017 - 21:59 30-12-2016 - 14:59
CVE-2016-7997 5.0
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
23-01-2017 - 18:51 18-01-2017 - 12:59
CVE-2016-7996 7.5
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
23-01-2017 - 18:49 18-01-2017 - 12:59
CVE-2016-9935 7.5
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty bo
17-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-9934 5.0
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
17-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-9933 5.0
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation vi
17-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-9576 7.2
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-af
17-01-2017 - 21:59 28-12-2016 - 02:59
CVE-2016-8860 5.0
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote a
17-01-2017 - 21:59 04-01-2017 - 15:59
CVE-2016-1248 6.8
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
17-01-2017 - 21:59 23-11-2016 - 10:59
CVE-2016-9105 2.1
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
10-01-2017 - 23:13 09-12-2016 - 17:59
CVE-2016-9101 2.1
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
10-01-2017 - 23:10 09-12-2016 - 17:59
CVE-2016-9106 2.1
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
10-01-2017 - 21:59 09-12-2016 - 17:59
CVE-2016-9555 10.0
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified
06-01-2017 - 22:00 27-11-2016 - 22:59
CVE-2016-9104 2.1
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which tr
06-01-2017 - 22:00 09-12-2016 - 17:59
CVE-2016-8910 1.9
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8909 1.9
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer posi
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8669 1.9
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater th
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8668 1.9
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8667 1.9
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8578 1.9
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P o
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8577 1.9
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-8576 1.9
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request
06-01-2017 - 22:00 04-11-2016 - 17:59
CVE-2016-7995 2.1
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7994 2.1
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CRE
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7909 4.9
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to
06-01-2017 - 22:00 05-10-2016 - 12:59
CVE-2016-7908 2.1
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU
06-01-2017 - 22:00 05-10-2016 - 12:59
CVE-2016-7907 2.1
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU
06-01-2017 - 22:00 05-10-2016 - 12:59
CVE-2016-7466 2.1
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7422 2.1
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7170 2.1
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[
06-01-2017 - 22:00 09-12-2016 - 19:59
CVE-2016-7161 10.0
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
06-01-2017 - 22:00 05-10-2016 - 12:59
CVE-2016-7117 10.0
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
06-01-2017 - 22:00 10-10-2016 - 07:00
CVE-2016-7098 6.8
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.
06-01-2017 - 22:00 26-09-2016 - 10:59
CVE-2016-10012 7.2
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a san
06-01-2017 - 22:00 04-01-2017 - 21:59
CVE-2016-10011 2.1
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
06-01-2017 - 22:00 04-01-2017 - 21:59
CVE-2016-10010 6.9
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
06-01-2017 - 22:00 04-01-2017 - 21:59
CVE-2016-10009 7.5
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
06-01-2017 - 22:00 04-01-2017 - 21:59
CVE-2016-5118 10.0
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
03-01-2017 - 21:59 10-06-2016 - 11:59
CVE-2016-9913 4.9
Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) via vectors involving
03-01-2017 - 12:54 29-12-2016 - 17:59
CVE-2016-9588 2.1
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
30-12-2016 - 21:59 28-12-2016 - 02:59
CVE-2016-2118 6.8
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
30-12-2016 - 21:59 12-04-2016 - 19:59
CVE-2016-2115 4.3
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2016-2114 4.3
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2016-2113 5.8
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certific
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2016-2112 4.3
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade att
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2016-2111 4.3
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive sessi
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2016-2110 4.3
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove app
30-12-2016 - 21:59 24-04-2016 - 20:59
CVE-2015-8467 6.0
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, wh
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-7540 5.0
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via cra
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5330 5.0
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending craft
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5299 5.0
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote att
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5296 4.3
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-s
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5252 5.0
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points o
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-3223 5.0
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a deni
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2016-2935 5.0
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request.
30-12-2016 - 16:14 30-11-2016 - 06:59
CVE-2016-2934 4.3
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
30-12-2016 - 16:14 30-11-2016 - 06:59
CVE-2016-2931 5.0
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
30-12-2016 - 16:13 30-11-2016 - 06:59
CVE-2016-2932 5.0
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
30-12-2016 - 16:13 30-11-2016 - 06:59
CVE-2016-2933 6.8
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
30-12-2016 - 16:13 30-11-2016 - 06:59
CVE-2016-8707 6.8
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code ex
27-12-2016 - 21:59 23-12-2016 - 17:59
CVE-2016-3715 5.8
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
27-12-2016 - 21:59 05-05-2016 - 14:59
CVE-2016-3714 10.0
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "I
27-12-2016 - 21:59 05-05-2016 - 14:59
CVE-2016-2099 10.0
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
27-12-2016 - 21:59 13-05-2016 - 10:59
CVE-2016-9921 2.1
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw
27-12-2016 - 14:01 23-12-2016 - 17:59
CVE-2016-9911 2.1
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in
27-12-2016 - 14:00 23-12-2016 - 17:59
CVE-2016-9849 7.5
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4
27-12-2016 - 09:35 10-12-2016 - 21:59
CVE-2016-9850 5.0
An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to
27-12-2016 - 09:34 10-12-2016 - 21:59
CVE-2016-9865 7.5
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x v
23-12-2016 - 21:59 10-12-2016 - 22:00
CVE-2016-9864 6.0
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tab
23-12-2016 - 21:59 10-12-2016 - 22:00
CVE-2016-9861 5.0
An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) ar
23-12-2016 - 21:59 10-12-2016 - 22:00
CVE-2016-9997 4.3
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
23-12-2016 - 15:22 16-12-2016 - 22:59
CVE-2016-9998 4.3
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
23-12-2016 - 15:18 16-12-2016 - 22:59
CVE-2016-7777 3.3
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the h
21-12-2016 - 22:00 07-10-2016 - 10:59
CVE-2015-1283 6.8
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec
21-12-2016 - 21:59 22-07-2015 - 20:59
CVE-2016-4472 6.8
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists
15-12-2016 - 08:30 30-06-2016 - 13:59
CVE-2016-9920 6.0
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which
14-12-2016 - 22:00 08-12-2016 - 13:59
CVE-2016-6626 5.8
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
14-12-2016 - 11:13 10-12-2016 - 21:59
CVE-2016-4412 3.6
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (p
13-12-2016 - 12:26 10-12-2016 - 21:59
CVE-2016-2943 1.9
IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.
02-12-2016 - 22:26 30-11-2016 - 06:59
CVE-2016-0729 7.5
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corrupti
02-12-2016 - 22:17 07-04-2016 - 17:59
CVE-2016-7445 5.0
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
02-12-2016 - 18:19 03-10-2016 - 12:09
CVE-2016-5300 7.8
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca
29-11-2016 - 22:07 16-06-2016 - 14:59
CVE-2016-2928 4.0
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.
29-11-2016 - 22:05 25-11-2016 - 15:59
CVE-2012-6702 4.3
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
29-11-2016 - 21:59 16-06-2016 - 14:59
CVE-2016-9114 5.0
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
29-11-2016 - 14:15 30-10-2016 - 18:59
CVE-2016-9113 5.0
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
29-11-2016 - 14:15 30-10-2016 - 18:59
CVE-2016-9112 5.0
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
29-11-2016 - 14:13 29-10-2016 - 06:59
CVE-2016-9118 5.0
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
29-11-2016 - 14:12 30-10-2016 - 18:59
CVE-2016-9117 4.3
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
29-11-2016 - 14:12 30-10-2016 - 18:59
CVE-2016-9116 4.3
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
29-11-2016 - 14:12 30-10-2016 - 18:59
CVE-2016-9115 4.3
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
29-11-2016 - 14:10 30-10-2016 - 18:59
CVE-2016-8332 6.8
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted
28-11-2016 - 15:40 28-10-2016 - 10:59
CVE-2016-5131 6.8
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
28-11-2016 - 15:22 23-07-2016 - 15:59
CVE-2016-4658 10.0
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary co
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2015-8899 5.0
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
28-11-2016 - 14:50 30-06-2016 - 13:59
CVE-2015-8808 4.3
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.
14-07-2016 - 11:36 13-07-2016 - 11:59
CVE-2015-0119 7.5
FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.
06-04-2015 - 12:49 05-04-2015 - 20:59
Back to Top Mark selected
Back to Top