Max CVSS 9.3 Min CVSS 2.1 Total Count89
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6126 6.8
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
09-01-2019 - 14:29 09-01-2019 - 14:29
CVE-2018-5188 7.5
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5156 7.5
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12366 4.3
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12365 4.3
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12364 6.8
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) at
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12363 6.8
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentia
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12362 6.8
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR <
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12360 6.8
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12359 6.8
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5008 5.0
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5007 6.8
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-0361 4.3
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
16-07-2018 - 13:29 16-07-2018 - 13:29
CVE-2018-0360 4.3
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
16-07-2018 - 13:29 16-07-2018 - 13:29
CVE-2018-8356 2.1
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8325 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8324 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8323 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8314 4.3
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Ser
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8313 7.2
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8312 9.3
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8310 5.0
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8309 4.9
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8308 8.5
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serv
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8307 6.8
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, W
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8304 7.1
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8301 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8300 6.8
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8299 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8297 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8296 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CV
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8294 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8291 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8290 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8289 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8288 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8287 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Inter
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8286 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8284 9.3
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Micros
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8282 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8281 9.3
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8280 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8279 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8278 5.8
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8276 4.3
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8275 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8274 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8262 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8260 6.8
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8242 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8222 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8206 7.8
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serve
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8202 7.2
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Fram
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8125 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-0949 4.3
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-12938 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candidate is a duplicate of CVE-2017-17833. Notes: All CVE users should reference CVE-2017-17833 instead of this candidate. All references and descriptions i
28-06-2018 - 19:29 28-06-2018 - 19:29
CVE-2018-3760 5.0
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application'
26-06-2018 - 15:29 26-06-2018 - 15:29
CVE-2018-1152 4.3
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
18-06-2018 - 10:29 18-06-2018 - 10:29
CVE-2018-12232 7.1
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment t
12-06-2018 - 08:29 12-06-2018 - 08:29
CVE-2017-7762 5.0
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-11214 4.3
An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
16-05-2018 - 13:29 16-05-2018 - 13:29
CVE-2018-11213 4.3
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
16-05-2018 - 13:29 16-05-2018 - 13:29
CVE-2018-11212 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
16-05-2018 - 13:29 16-05-2018 - 13:29
CVE-2017-17833 7.5
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
23-04-2018 - 14:29 23-04-2018 - 14:29
CVE-2018-7183 7.5
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
08-03-2018 - 15:29 08-03-2018 - 15:29
CVE-2018-7185 5.0
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7184 5.0
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7182 5.0
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
06-03-2018 - 15:29 06-03-2018 - 15:29
CVE-2018-7727 4.3
An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.
06-03-2018 - 12:29 06-03-2018 - 12:29
CVE-2018-7726 4.3
An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
06-03-2018 - 12:29 06-03-2018 - 12:29
CVE-2018-7725 4.3
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
06-03-2018 - 12:29 06-03-2018 - 12:29
CVE-2018-6869 4.3
In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
09-02-2018 - 01:29 09-02-2018 - 01:29
CVE-2018-6542 4.3
In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.
02-02-2018 - 04:29 02-02-2018 - 04:29
CVE-2018-6541 4.3
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service
02-02-2018 - 04:29 02-02-2018 - 04:29
CVE-2018-6540 4.3
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
02-02-2018 - 04:29 02-02-2018 - 04:29
CVE-2018-6484 4.3
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
01-02-2018 - 00:29 01-02-2018 - 00:29
CVE-2018-6381 4.3
In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
29-01-2018 - 12:29 29-01-2018 - 12:29
CVE-2017-16932 5.0
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
23-11-2017 - 16:29 23-11-2017 - 16:29
CVE-2017-15232 4.3
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
10-10-2017 - 23:29 10-10-2017 - 23:29
CVE-2014-9092 4.3
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.
10-10-2017 - 09:29 10-10-2017 - 09:29
CVE-2017-5981 4.3
seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5980 4.3
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5979 4.3
The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5978 4.3
The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5977 4.3
The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5976 4.3
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5975 4.3
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2017-5974 4.3
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file.
06-03-2017 - 21:59 01-03-2017 - 10:59
CVE-2016-3616 6.8
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
28-02-2017 - 09:31 13-02-2017 - 13:59
Back to Top Mark selected
Back to Top