Max CVSS 7.5 Min CVSS 2.1 Total Count89
IDCVSSSummaryLast (major) updatePublished
CVE-2016-7056 None
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2016-9583 None
An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.
01-08-2018 - 13:29 01-08-2018 - 13:29
CVE-2017-5396 7.5
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5395 4.3
Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for And
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5394 6.8
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5393 4.3
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5392 7.5
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5391 7.5
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5390 7.5
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5389 5.8
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install addi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5388 5.0
A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service atta
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5387 2.1
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5386 7.5
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5385 5.0
Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5384 4.3
Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is spec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5383 5.0
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5382 5.0
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5381 5.0
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerabilit
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5380 7.5
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5379 5.0
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5378 5.0
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerab
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5377 7.5
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5376 7.5
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5375 7.5
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5374 7.5
Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5373 7.5
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affe
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-2598 4.0
Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304).
23-05-2018 - 09:29 23-05-2018 - 09:29
CVE-2017-2609 4.0
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for
22-05-2018 - 13:29 22-05-2018 - 13:29
CVE-2017-2607 3.5
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content w
21-05-2018 - 19:29 21-05-2018 - 19:29
CVE-2017-2613 5.8
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user r
15-05-2018 - 18:29 15-05-2018 - 18:29
CVE-2017-2610 3.5
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in search suggestions due to improperly escaping users with less-than and greater-than characters in their names (SECURITY-388).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2604 4.0
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2603 3.5
Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2602 4.0
jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blacklisting of the Pipeline metadata files in the agent-to-master security subsystem. This could allow metadata files to be written to by malicious agents (SECURITY-358).
15-05-2018 - 17:29 15-05-2018 - 17:29
CVE-2017-2612 5.5
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
15-05-2018 - 16:29 15-05-2018 - 16:29
CVE-2017-2608 6.5
Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code execution vulnerability involving the deserialization of various types in javax.imageio in XStream-based APIs (SECURITY-383).
15-05-2018 - 16:29 15-05-2018 - 16:29
CVE-2017-2600 4.0
In jenkins before versions 2.44, 2.32.2 node monitor data could be viewed by low privilege users via the remote API. These included system configuration and runtime information of these nodes (SECURITY-343).
15-05-2018 - 16:29 15-05-2018 - 16:29
CVE-2017-2601 3.5
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and description
10-05-2018 - 09:29 10-05-2018 - 09:29
CVE-2017-2606 4.0
Jenkins before versions 2.44, 2.32.2 is vulnerable to an information exposure in the internal API that allows access to item names that should not be visible (SECURITY-380). This only affects anonymous users (other users legitimately have access) tha
08-05-2018 - 16:29 08-05-2018 - 16:29
CVE-2017-2611 4.0
Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jen
08-05-2018 - 14:29 08-05-2018 - 14:29
CVE-2017-0358 7.2
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege esca
16-04-2018 - 05:58 13-04-2018 - 11:29
CVE-2017-0357 7.5
A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.
16-04-2018 - 05:58 13-04-2018 - 11:29
CVE-2017-2599 5.5
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
11-04-2018 - 12:29 11-04-2018 - 12:29
CVE-2016-8610 5.0
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser
13-11-2017 - 17:29 13-11-2017 - 17:29
CVE-2017-2605 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000362. Reason: This candidate is a duplicate of CVE-2017-1000362. A vendor reference identifier was mistakenly treated as a CVE ID. Notes: All CVE users should reference CVE-2017
24-07-2017 - 13:29 24-07-2017 - 13:29
CVE-2017-3731 5.0
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can
05-05-2017 - 21:29 04-05-2017 - 15:29
CVE-2016-6225 4.3
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files v
28-03-2017 - 13:15 23-03-2017 - 12:59
CVE-2017-5336 7.5
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
27-03-2017 - 15:26 24-03-2017 - 11:59
CVE-2017-5335 5.0
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
27-03-2017 - 15:26 24-03-2017 - 11:59
CVE-2017-5334 7.5
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Cert
27-03-2017 - 15:24 24-03-2017 - 11:59
CVE-2017-5337 7.5
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
27-03-2017 - 15:19 24-03-2017 - 11:59
CVE-2016-7444 5.0
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism
24-03-2017 - 21:59 27-09-2016 - 11:59
CVE-2016-7553 2.1
The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file.
15-03-2017 - 13:31 27-02-2017 - 17:59
CVE-2016-9872 4.3
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
08-03-2017 - 12:27 03-02-2017 - 02:59
CVE-2017-5356 5.0
Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (]).
07-03-2017 - 21:59 03-03-2017 - 10:59
CVE-2016-9873 6.5
EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exp
07-03-2017 - 20:48 03-02-2017 - 02:59
CVE-2017-5193 5.0
The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick.
07-03-2017 - 08:21 03-03-2017 - 10:59
CVE-2017-5196 5.0
Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8.
07-03-2017 - 08:03 03-03-2017 - 10:59
CVE-2017-5195 5.0
Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code.
07-03-2017 - 07:41 03-03-2017 - 10:59
CVE-2017-5194 5.0
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
06-03-2017 - 21:59 03-03-2017 - 10:59
CVE-2016-10164 7.5
Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensi
22-02-2017 - 11:19 01-02-2017 - 10:59
CVE-2016-8214 4.6
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.
10-02-2017 - 21:59 25-01-2017 - 06:59
CVE-2017-5610 5.0
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
05-02-2017 - 15:48 29-01-2017 - 23:59
CVE-2017-5611 7.5
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post typ
05-02-2017 - 15:46 29-01-2017 - 23:59
CVE-2017-5612 4.3
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt.
03-02-2017 - 11:08 29-01-2017 - 23:59
CVE-2016-6271 5.0
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
02-02-2017 - 21:59 18-01-2017 - 17:59
CVE-2016-9932 2.1
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
27-01-2017 - 11:08 26-01-2017 - 10:59
CVE-2016-10024 4.9
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
27-01-2017 - 09:27 26-01-2017 - 10:59
CVE-2016-10013 4.6
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
27-01-2017 - 09:25 26-01-2017 - 10:59
CVE-2016-10025 2.1
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
27-01-2017 - 09:22 26-01-2017 - 10:59
CVE-2016-8642 5.0
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
25-01-2017 - 15:23 20-01-2017 - 03:59
CVE-2017-5493 5.0
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or
18-01-2017 - 21:59 14-01-2017 - 21:59
CVE-2017-5492 6.8
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action,
18-01-2017 - 21:59 14-01-2017 - 21:59
CVE-2017-5491 5.0
wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name.
18-01-2017 - 21:59 14-01-2017 - 21:59
CVE-2017-5490 4.3
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, rela
18-01-2017 - 21:59 14-01-2017 - 21:59
CVE-2017-5489 6.8
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
18-01-2017 - 21:59 14-01-2017 - 21:59
CVE-2017-5488 4.3
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
18-01-2017 - 21:59 14-01-2017 - 21:59
CVE-2016-6354 7.5
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
17-01-2017 - 21:59 21-09-2016 - 10:25
CVE-2016-5652 6.8
An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a save
10-01-2017 - 21:59 06-01-2017 - 16:59
CVE-2016-9540 7.5
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9537 7.5
tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097.
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9536 7.5
tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka "t2p_process_jpeg_strip heap-buffer-overflow."
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9535 7.5
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Pre
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9534 7.5
tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2016-9533 7.5
tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka "PixarLog horizontalDifference heap-buffer-overflow."
09-12-2016 - 21:59 22-11-2016 - 14:59
CVE-2015-8870 5.8
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4
08-12-2016 - 21:59 06-12-2016 - 13:59
CVE-2016-4450 5.0
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary
28-11-2016 - 15:18 07-06-2016 - 10:06
CVE-2011-4969 4.3
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
28-11-2016 - 14:07 08-03-2013 - 17:55
CVE-2015-0886 5.0
Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maxi
24-09-2015 - 13:03 27-02-2015 - 21:59
Back to Top Mark selected
Back to Top