Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2376 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-29 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow. | |||||
| CVE-2016-2377 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-29 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentially result in an out-of-bounds write of one byte. A malicious server can send a negative content-length in response to a HTTP request triggering the vulnerability. | |||||
| CVE-2016-2378 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-29 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability. | |||||
| CVE-2016-2380 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-29 | 4.3 MEDIUM | 3.1 LOW |
| An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read. | |||||
| CVE-2016-4323 | 3 Canonical, Debian, Pidgin | 3 Ubuntu Linux, Debian Linux, Pidgin | 2017-03-29 | 5.8 MEDIUM | 3.7 LOW |
| A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability. | |||||
| CVE-2016-9556 | 3 Debian, Imagemagick, Opensuse Project | 3 Debian Linux, Imagemagick, Leap | 2017-03-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. | |||||
| CVE-2016-5315 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-03-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. | |||||
| CVE-2015-8979 | 2 Debian, Dicom | 2 Debian Linux, Dcmtk | 2017-02-23 | 5.0 MEDIUM | 7.5 HIGH |
| Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242. | |||||
| CVE-2016-3981 | 3 Canonical, Debian, Optipng Project | 3 Ubuntu Linux, Debian Linux, Optipng | 2017-02-18 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. | |||||
| CVE-2016-9963 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2017-02-15 | 2.6 LOW | 5.9 MEDIUM |
| Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||||
| CVE-2016-9532 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2017-02-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file. | |||||
| CVE-2016-9119 | 3 Canonical, Debian, Moinmo | 3 Ubuntu Linux, Debian Linux, Moinmoin | 2017-02-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-6354 | 2 Debian, Flex Project | 2 Debian Linux, Flex | 2017-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | |||||
| CVE-2016-9964 | 2 Bottlepy, Debian | 2 Bottle, Debian Linux | 2017-01-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | |||||
| CVE-2013-7020 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2017-01-06 | 6.8 MEDIUM | N/A |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not properly enforce certain bit-count and colorspace constraints, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | |||||
| CVE-2014-1557 | 3 Debian, Mozilla, Oracle | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2017-01-06 | 9.3 HIGH | N/A |
| The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. | |||||
| CVE-2014-3160 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-06 | 6.8 MEDIUM | N/A |
| The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | |||||
| CVE-2014-3162 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-06 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-3333 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2017-01-02 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-1241 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-02 | 4.3 MEDIUM | N/A |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | |||||