Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-3714 | 10.0 |
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "I
|
11-09-2024 - 11:11 | 05-05-2016 - 18:59 | |
CVE-2016-3715 | 5.8 |
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
|
24-07-2024 - 17:06 | 05-05-2016 - 18:59 | |
CVE-2016-3718 | 4.3 |
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
|
24-07-2024 - 17:05 | 05-05-2016 - 18:59 | |
CVE-2016-3717 | 7.1 |
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
|
12-02-2023 - 23:20 | 05-05-2016 - 18:59 | |
CVE-2016-3716 | 4.3 |
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
|
12-02-2023 - 23:20 | 05-05-2016 - 18:59 | |
CVE-2016-3698 | 6.8 |
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity d
|
12-02-2023 - 23:18 | 13-06-2016 - 19:59 | |
CVE-2016-0718 | 7.5 |
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
|
12-02-2023 - 23:15 | 26-05-2016 - 16:59 | |
CVE-2015-7552 | 9.3 |
Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.
|
30-10-2018 - 16:27 | 18-04-2016 - 14:59 | |
CVE-2015-8874 | 5.0 |
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
|
30-10-2018 - 16:27 | 16-05-2016 - 10:59 | |
CVE-2016-4348 | 5.0 |
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
|
30-10-2018 - 16:27 | 20-05-2016 - 14:59 | |
CVE-2016-4478 | 5.0 |
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
|
30-10-2018 - 16:27 | 13-06-2016 - 19:59 | |
CVE-2003-0501 | 2.1 |
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
|
03-05-2018 - 01:29 | 07-08-2003 - 04:00 | |
CVE-2003-0476 | 2.1 |
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
|
03-05-2018 - 01:29 | 07-08-2003 - 04:00 | |
CVE-2015-8877 | 5.0 |
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memo
|
05-01-2018 - 02:30 | 22-05-2016 - 01:59 | |
CVE-2013-7456 | 6.8 |
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified ot
|
05-01-2018 - 02:29 | 07-08-2016 - 10:59 | |
CVE-2003-0550 | 5.0 |
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0619 | 5.0 |
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0551 | 5.0 |
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0462 | 1.2 |
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0552 | 5.0 |
Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2003-0461 | 2.1 |
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
|
11-10-2017 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2016-4079 | 4.3 |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4082 | 4.3 |
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and appl
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4006 | 4.3 |
epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and application crash) via a crafted packet.
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4081 | 4.3 |
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4080 | 4.3 |
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a craf
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2016-4085 | 4.3 |
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long st
|
03-12-2016 - 03:27 | 25-04-2016 - 10:59 | |
CVE-2015-8466 | 5.8 |
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
|
01-12-2016 - 03:01 | 13-01-2016 - 15:59 | |
CVE-2015-8875 | 6.8 |
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash
|
05-10-2016 - 01:59 | 01-06-2016 - 22:59 | |
CVE-2015-7558 | 5.0 |
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
|
23-08-2016 - 14:50 | 20-05-2016 - 14:59 | |
CVE-2016-1902 | 5.0 |
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random
|
03-06-2016 - 14:58 | 01-06-2016 - 22:59 | |
CVE-2016-4423 | 5.0 |
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username st
|
03-06-2016 - 14:50 | 01-06-2016 - 22:59 | |
CVE-2003-0018 | 3.6 |
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
|
11-09-2008 - 00:05 | 19-02-2003 - 05:00 |