Max CVSS 7.5 Min CVSS 3.5 Total Count50
IDCVSSSummaryLast (major) updatePublished
CVE-2017-2619 6.0
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
12-03-2018 - 11:29 12-03-2018 - 11:29
CVE-2017-5208 6.8
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of executi
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2015-1795 7.2
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
27-06-2017 - 16:29 27-06-2017 - 16:29
CVE-2017-4901 7.5
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstati
08-06-2017 - 09:29 08-06-2017 - 09:29
CVE-2016-2126 4.0
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerbero
11-05-2017 - 10:29 11-05-2017 - 10:29
CVE-2017-5029 6.8
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which a
28-04-2017 - 14:16 24-04-2017 - 19:59
CVE-2017-6832 4.3
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
13-04-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-6831 4.3
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
13-04-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-6837 4.3
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
04-04-2017 - 21:59 20-03-2017 - 12:59
CVE-2016-9252 5.0
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) thro
31-03-2017 - 15:02 27-03-2017 - 14:59
CVE-2017-6829 4.3
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
30-03-2017 - 21:59 20-03-2017 - 12:59
CVE-2017-3849 6.1
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to c
30-03-2017 - 11:19 21-03-2017 - 12:59
CVE-2017-3850 7.1
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS)
27-03-2017 - 13:52 21-03-2017 - 12:59
CVE-2017-6381 6.8
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies
23-03-2017 - 13:15 16-03-2017 - 10:59
CVE-2017-6377 5.0
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
23-03-2017 - 13:15 16-03-2017 - 10:59
CVE-2015-8984 4.3
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
22-03-2017 - 15:12 20-03-2017 - 12:59
CVE-2015-8983 6.8
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vec
22-03-2017 - 15:12 20-03-2017 - 12:59
CVE-2017-6838 4.3
Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:09 20-03-2017 - 12:59
CVE-2017-6836 4.3
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:08 20-03-2017 - 12:59
CVE-2017-6835 4.3
The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
22-03-2017 - 13:02 20-03-2017 - 12:59
CVE-2017-6834 4.3
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:02 20-03-2017 - 12:59
CVE-2017-6833 4.3
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
22-03-2017 - 13:01 20-03-2017 - 12:59
CVE-2017-6830 4.3
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 13:01 20-03-2017 - 12:59
CVE-2017-6839 4.3
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
22-03-2017 - 10:40 20-03-2017 - 12:59
CVE-2014-9938 6.8
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
21-03-2017 - 14:57 19-03-2017 - 20:59
CVE-2017-6379 5.1
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
17-03-2017 - 21:59 16-03-2017 - 10:59
CVE-2015-8982 6.8
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based
17-03-2017 - 08:26 15-03-2017 - 15:59
CVE-2017-6060 6.8
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.
16-03-2017 - 15:10 15-03-2017 - 10:59
CVE-2017-6817 3.5
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
14-03-2017 - 21:59 11-03-2017 - 20:59
CVE-2017-6816 4.0
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
14-03-2017 - 21:59 11-03-2017 - 20:59
CVE-2017-6815 5.8
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
14-03-2017 - 21:59 11-03-2017 - 20:59
CVE-2017-6814 3.5
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishan
14-03-2017 - 21:59 11-03-2017 - 20:59
CVE-2017-6056 5.0
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backportin
14-03-2017 - 14:59 17-02-2017 - 02:59
CVE-2017-6011 4.3
An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the "simple_vec" function in the "extract.c" source file. This affects icotool.
13-03-2017 - 21:59 16-02-2017 - 06:59
CVE-2017-6010 4.3
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "extract_icons" function in the "extract.c" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.
13-03-2017 - 21:59 16-02-2017 - 06:59
CVE-2017-6009 4.3
An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the "decode_ne_resource_id" function in the "restable.c" source file. This is happening because the "len" parameter for memcpy is not checked for size and thus becomes a ne
13-03-2017 - 21:59 16-02-2017 - 06:59
CVE-2017-5604 4.3
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering att
28-02-2017 - 21:59 09-02-2017 - 15:59
CVE-2016-5417 5.0
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initializat
17-02-2017 - 12:31 16-02-2017 - 21:59
CVE-2017-5896 4.3
Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image.
17-02-2017 - 12:12 15-02-2017 - 14:59
CVE-2016-6323 5.0
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang)
01-02-2017 - 21:59 07-10-2016 - 10:59
CVE-2016-4429 7.5
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UD
01-02-2017 - 21:59 10-06-2016 - 11:59
CVE-2016-3706 5.0
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnera
01-02-2017 - 21:59 10-06-2016 - 11:59
CVE-2016-9675 6.8
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
23-12-2016 - 09:44 22-12-2016 - 16:59
CVE-2016-5159 6.8
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have uns
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5158 6.8
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-
28-11-2016 - 15:23 11-09-2016 - 06:59
CVE-2016-5139 6.8
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified
28-11-2016 - 15:22 07-08-2016 - 15:59
CVE-2016-1234 5.0
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
28-11-2016 - 14:58 01-06-2016 - 16:59
CVE-2016-6525 7.5
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
22-09-2016 - 13:29 22-09-2016 - 11:59
CVE-2016-7163 6.8
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
21-09-2016 - 16:02 21-09-2016 - 10:25
CVE-2016-6346 5.0
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
08-09-2016 - 09:43 07-09-2016 - 14:59
Back to Top Mark selected
Back to Top