Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7785 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||||
| CVE-2016-9380 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 4.6 MEDIUM | 7.5 HIGH |
| The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | |||||
| CVE-2016-6623 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 4.6 MEDIUM | 7.9 HIGH |
| The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | |||||
| CVE-2016-2270 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2017-07-01 | 4.6 MEDIUM | 6.8 MEDIUM |
| Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||||
| CVE-2016-2088 | 1 Isc | 1 Bind | 2017-07-01 | 4.3 MEDIUM | 6.8 MEDIUM |
| resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | |||||
| CVE-2014-2899 | 1 Yassl | 1 Cyassl | 2017-07-01 | 5.0 MEDIUM | N/A |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. | |||||
| CVE-2014-9764 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | |||||
| CVE-2016-4324 | 3 Canonical, Debian, Libreoffice | 3 Ubuntu Linux, Debian Linux, Libreoffice | 2017-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | |||||
| CVE-2013-4788 | 1 Gnu | 2 Eglibc, Glibc | 2017-07-01 | 5.1 MEDIUM | N/A |
| The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | |||||
| CVE-2014-9762 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. | |||||
| CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 6.1 MEDIUM | N/A |
| The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2015-4556 | 1 Call-cc | 1 Chicken | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2016-2216 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2017-07-01 | 4.3 MEDIUM | 7.5 HIGH |
| The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. | |||||
| CVE-2016-2850 | 2 Botan Project, Fedoraproject | 2 Botan, Fedora | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||||
| CVE-2016-2086 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | |||||
| CVE-2015-1609 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2017-07-01 | 5.0 MEDIUM | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||||
| CVE-2016-2194 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus. | |||||
| CVE-2015-7036 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-01 | 7.5 HIGH | N/A |
| The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. | |||||
| CVE-2017-9741 | 1 Projectsend | 1 Projectsend | 2017-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | |||||