Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8680 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file. | |||||
| CVE-2016-8678 | 1 Imagemagick | 1 Imagemagick | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64." | |||||
| CVE-2016-8652 | 1 Dovecot | 1 Dovecot | 2017-02-22 | 4.3 MEDIUM | 5.9 MEDIUM |
| The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | |||||
| CVE-2016-7511 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2016-7510 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | |||||
| CVE-2016-7111 | 1 Mantisbt | 1 Mantisbt | 2017-02-22 | 2.6 LOW | 4.7 MEDIUM |
| MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2016-6190 | 1 Inverse-inc | 1 Sogo | 2017-02-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users. | |||||
| CVE-2016-6062 | 1 Ibm | 1 Resilient | 2017-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065. | |||||
| CVE-2016-5364 | 1 Mantisbt | 1 Mantisbt | 2017-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | |||||
| CVE-2016-5037 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2016-5034 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records. | |||||
| CVE-2016-5035 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-5033 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-5032 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2016-5031 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-5030 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||||
| CVE-2016-5029 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file. | |||||
| CVE-2016-5028 | 1 Libdwarf Project | 1 Libdwarf | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections. | |||||
| CVE-2016-7762 | 1 Apple | 1 Iphone Os | 2017-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. | |||||
| CVE-2016-7761 | 1 Apple | 1 Mac Os X | 2017-02-22 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. | |||||
| CVE-2016-7759 | 1 Apple | 1 Iphone Os | 2017-02-22 | 2.1 LOW | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the "Springboard" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher. | |||||
| CVE-2016-7666 | 1 Apple | 1 Transporter | 2017-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the "iTMSTransporter" component, which allows attackers to obtain sensitive information via a crafted EPUB. | |||||
| CVE-2016-4685 | 1 Apple | 1 Iphone Os | 2017-02-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files. | |||||
| CVE-2016-7614 | 1 Apple | 1 Icloud | 2017-02-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the "Windows Security" component. It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors. | |||||
| CVE-2016-7581 | 1 Apple | 1 Iphone Os | 2017-02-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "Safari" component, which allows remote web servers to cause a denial of service via a crafted URL. | |||||
| CVE-2016-7580 | 1 Apple | 1 Mac Os X | 2017-02-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL. | |||||
| CVE-2016-4721 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-02-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification. | |||||
| CVE-2016-7153 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2017-02-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | |||||
| CVE-2016-7152 | 5 Apple, Google, Microsoft and 2 more | 6 Safari, Chrome, Edge and 3 more | 2017-02-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. | |||||
| CVE-2016-0245 | 1 Ibm | 1 Websphere Portal | 2017-02-19 | 5.5 MEDIUM | 5.4 MEDIUM |
| The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-2146 | 1 Cisco | 2 Ios, Ios Xe | 2017-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. | |||||
| CVE-2016-9139 | 1 Otrs | 1 Otrs | 2017-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. | |||||
| CVE-2016-9827 | 1 Libming | 1 Libming | 2017-02-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file. | |||||
| CVE-2016-9828 | 1 Libming | 1 Libming | 2017-02-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file. | |||||
| CVE-2016-9371 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING). | |||||
| CVE-2016-2274 | 1 Adcon Telemetry | 2 A850 Telemetry Gateway Base Station, A850 Telemetry Gateway Base Station Firmware | 2017-02-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. | |||||
| CVE-2016-6832 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing. | |||||
| CVE-2016-6077 | 1 Ibm | 1 Cognos Disclosure Management | 2017-02-17 | 6.8 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | |||||
| CVE-2016-6060 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2017-02-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547. | |||||
| CVE-2016-7477 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file. NOTE: this issue was originally reported as involving a NULL pointer dereference. | |||||
| CVE-2016-7393 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-8675 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection. | |||||
| CVE-2016-7499 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | |||||
| CVE-2016-8676 | 1 Libav | 1 Libav | 2017-02-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675. | |||||
| CVE-2016-9354 | 1 Moxa | 1 Dacenter | 2017-02-17 | 7.1 HIGH | 5.5 MEDIUM |
| An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption. | |||||
| CVE-2017-5141 | 1 Honeywell | 1 Xl Web Ii Controller | 2017-02-17 | 6.5 MEDIUM | 6.0 MEDIUM |
| An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION). | |||||
| CVE-2016-1907 | 1 Openbsd | 1 Openssh | 2017-02-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | |||||
| CVE-2016-4393 | 1 Hp | 1 System Management Homepage | 2017-02-17 | 3.5 LOW | 5.4 MEDIUM |
| HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | |||||
| CVE-2016-4394 | 1 Hp | 1 System Management Homepage | 2017-02-17 | 5.8 MEDIUM | 6.5 MEDIUM |
| HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | |||||
| CVE-2017-5164 | 1 Binom3 | 2 Universal Multifunctional Electric Power Quality Meter, Universal Multifunctional Electric Power Quality Meter Firmware | 2017-02-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING). | |||||
