Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9857 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-7905 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. | |||||
| CVE-2016-7094 | 1 Xen | 1 Xen | 2017-07-01 | 1.5 LOW | 4.1 MEDIUM |
| Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. | |||||
| CVE-2016-9385 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 4.9 MEDIUM | 6.0 MEDIUM |
| The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. | |||||
| CVE-2016-7122 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. | |||||
| CVE-2016-9852 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. | |||||
| CVE-2016-9851 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. | |||||
| CVE-2016-9850 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9853 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. | |||||
| CVE-2016-9848 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-9847 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-6627 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-7777 | 1 Xen | 1 Xen | 2017-07-01 | 3.3 LOW | 6.3 MEDIUM |
| Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. | |||||
| CVE-2016-6625 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2017-6508 | 1 Gnu | 1 Wget | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | |||||
| CVE-2016-9298 | 1 Imagemagick | 1 Imagemagick | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image. | |||||
| CVE-2016-6652 | 1 Pivotal Software | 1 Spring Data Jpa | 2017-07-01 | 6.8 MEDIUM | 5.6 MEDIUM |
| SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | |||||
| CVE-2016-6632 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-9189 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | |||||
| CVE-2016-6628 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-9860 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-6630 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | |||||
| CVE-2015-8927 | 1 Libarchive | 1 Libarchive | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password. | |||||
| CVE-2015-8929 | 2 Libarchive, Suse | 4 Libarchive, Linux Enterprise Desktop, Linux Enterprise Server and 1 more | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. | |||||
| CVE-2016-0775 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |||||
| CVE-2016-5704 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. | |||||
| CVE-2016-10221 | 1 Artifex | 1 Mupdf | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. | |||||
| CVE-2016-2817 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 5.4 MEDIUM |
| The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. | |||||
| CVE-2016-2813 | 2 Google, Mozilla | 2 Android, Firefox | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. | |||||
| CVE-2016-2810 | 2 Google, Mozilla | 2 Android, Firefox | 2017-07-01 | 4.3 MEDIUM | 5.0 MEDIUM |
| Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. | |||||
| CVE-2016-2533 | 3 Debian, Python, Python Imaging Project | 3 Debian Linux, Pillow, Python Imaging | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file. | |||||
| CVE-2016-2088 | 1 Isc | 1 Bind | 2017-07-01 | 4.3 MEDIUM | 6.8 MEDIUM |
| resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | |||||
| CVE-2016-1523 | 4 Debian, Fedoraproject, Mozilla and 1 more | 5 Debian Linux, Fedora, Firefox Esr and 2 more | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font. | |||||
| CVE-2016-2217 | 1 Dest-unreach | 1 Socat | 2017-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | |||||
| CVE-2016-2271 | 1 Xen | 1 Xen | 2017-07-01 | 2.1 LOW | 5.5 MEDIUM |
| VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | |||||
| CVE-2016-2809 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2017-07-01 | 5.8 MEDIUM | 5.5 MEDIUM |
| The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. | |||||
| CVE-2016-2816 | 1 Mozilla | 1 Firefox | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. | |||||
| CVE-2016-4412 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. | |||||
| CVE-2016-5732 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters. | |||||
| CVE-2016-0740 | 2 Debian, Python | 2 Debian Linux, Pillow | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file. | |||||
| CVE-2016-5010 | 1 Imagemagick | 1 Imagemagick | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file. | |||||
| CVE-2016-5319 | 1 Libtiff | 1 Libtiff | 2017-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. | |||||
| CVE-2016-4855 | 1 Adodb Project | 1 Adodb | 2017-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3182 | 1 Wireshark | 1 Wireshark | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-2270 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2017-07-01 | 4.6 MEDIUM | 6.8 MEDIUM |
| Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||||
| CVE-2015-7780 | 1 Zohocorp | 1 Manageengine Firewall Analyzer | 2017-06-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | |||||
| CVE-2017-9218 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | |||||
| CVE-2017-9219 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file. | |||||
| CVE-2017-9220 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2017-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file. | |||||