Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10146 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 7.8 HIGH | 7.5 HIGH |
| Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2017-10925 | 1 Irfanview | 2 Fpx, Irfanview | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae." | |||||
| CVE-2016-2221 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL. | |||||
| CVE-2016-2222 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 5.0 MEDIUM | 8.6 HIGH |
| The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php. | |||||
| CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
| CVE-2017-10971 | 1 X.org | 1 Xorg-server | 2017-11-04 | 6.5 MEDIUM | 8.8 HIGH |
| In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. | |||||
| CVE-2016-9014 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2017-11-04 | 6.8 MEDIUM | 8.1 HIGH |
| Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | |||||
| CVE-2016-6252 | 1 Shadow Project | 1 Shadow | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | |||||
| CVE-2017-10924 | 1 Irfanview | 2 Fpx, Irfanview | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529." | |||||
| CVE-2017-10922 | 1 Xen | 1 Xen | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | |||||
| CVE-2016-10189 | 1 Bitlbee | 2 Bitlbee, Bitlbee-libpurple | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | |||||
| CVE-2016-10026 | 1 Ikiwiki | 1 Ikiwiki | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. | |||||
| CVE-2016-6635 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option. | |||||
| CVE-2016-6786 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 6.9 MEDIUM | 7.0 HIGH |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. | |||||
| CVE-2016-6787 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 6.9 MEDIUM | 7.0 HIGH |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224. | |||||
| CVE-2016-10013 | 1 Xen | 1 Xen | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. | |||||
| CVE-2016-4029 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 5.0 MEDIUM | 8.6 HIGH |
| WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. | |||||
| CVE-2014-0145 | 1 Qemu | 1 Qemu | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c). | |||||
| CVE-2017-5489 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | |||||
| CVE-2017-5492 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. | |||||
| CVE-2017-7976 | 1 Artifex | 1 Jbig2dec | 2017-11-04 | 5.8 MEDIUM | 7.1 HIGH |
| Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a denial of service (application crash) or disclosure of sensitive information from process memory. | |||||
| CVE-2017-7975 | 1 Artifex | 1 Jbig2dec | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. | |||||
| CVE-2017-7487 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 7.2 HIGH | 7.8 HIGH |
| The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface. | |||||
| CVE-2017-6346 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. | |||||
| CVE-2017-7692 | 1 Squirrelmail | 1 Squirrelmail | 2017-11-04 | 9.0 HIGH | 8.8 HIGH |
| SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. | |||||
| CVE-2017-8064 | 1 Linux | 1 Linux Kernel | 2017-11-04 | 7.2 HIGH | 7.8 HIGH |
| drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-7853 | 1 Gnu | 1 Osip | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS. | |||||
| CVE-2016-4331 | 1 Hdfgroup | 1 Hdf5 | 2017-11-04 | 6.9 MEDIUM | 8.6 HIGH |
| When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution. | |||||
| CVE-2016-4332 | 1 Hdfgroup | 1 Hdf5 | 2017-11-04 | 6.9 MEDIUM | 8.6 HIGH |
| The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. | |||||
| CVE-2015-5590 | 1 Php | 1 Php | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. | |||||
| CVE-2016-1979 | 1 Mozilla | 2 Firefox, Network Security Services | 2017-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. | |||||
| CVE-2017-14099 | 1 Digium | 2 Asterisk, Certified Asterisk | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. | |||||
| CVE-2016-10094 | 1 Libtiff | 1 Libtiff | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | |||||
| CVE-2016-4300 | 2 Libarchive, Redhat | 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-9297 | 1 Libtiff | 1 Libtiff | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. | |||||
| CVE-2017-14578 | 1 Irfanview | 1 Irfanview | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4." | |||||
| CVE-2016-8714 | 1 R Project | 1 R | 2017-11-04 | 6.8 MEDIUM | 7.5 HIGH |
| An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. | |||||
| CVE-2015-8550 | 2 Novell, Xen | 2 Suse Linux Enterprise Real Time Extension, Xen | 2017-11-04 | 5.7 MEDIUM | 8.2 HIGH |
| Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. | |||||
| CVE-2016-4302 | 2 Libarchive, Redhat | 8 Libarchive, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary. | |||||
| CVE-2017-14539 | 1 Irfanview | 1 Irfanview | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767." | |||||
| CVE-2017-14540 | 1 Irfanview | 1 Irfanview | 2017-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." | |||||
| CVE-2015-8270 | 1 Rtmpdump Project | 1 Rtmpdump | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). | |||||
| CVE-2016-4333 | 1 Hdfgroup | 1 Hdf5 | 2017-11-04 | 6.9 MEDIUM | 8.6 HIGH |
| The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it. | |||||
| CVE-2016-7997 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. | |||||
| CVE-2016-3624 | 1 Libtiff | 1 Libtiff | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. | |||||
| CVE-2016-4330 | 1 Hdfgroup | 1 Hdf5 | 2017-11-04 | 6.9 MEDIUM | 8.6 HIGH |
| In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution. | |||||
| CVE-2016-2399 | 1 Libquicktime | 1 Libquicktime | 2017-11-04 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. | |||||
| CVE-2016-8707 | 1 Imagemagick | 1 Imagemagick | 2017-11-04 | 6.8 MEDIUM | 7.0 HIGH |
| An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. | |||||
| CVE-2016-1978 | 1 Mozilla | 2 Firefox, Network Security Services | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. | |||||
| CVE-2017-10914 | 1 Xen | 1 Xen | 2017-11-04 | 6.8 MEDIUM | 8.1 HIGH |
| The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | |||||