Total
1465 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2318 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | |||||
CVE-2016-2317 | 4 Debian, Graphicsmagick, Opensuse and 1 more | 7 Debian Linux, Graphicsmagick, Leap and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | |||||
CVE-2016-2315 | 3 Git-scm, Opensuse, Suse | 8 Git, Leap, Opensuse and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow. | |||||
CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | |||||
CVE-2016-2191 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Leap and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. | |||||
CVE-2016-2150 | 5 Debian, Microsoft, Opensuse and 2 more | 12 Debian Linux, Windows, Leap and 9 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | |||||
CVE-2016-2107 | 8 Canonical, Debian, Google and 5 more | 15 Ubuntu Linux, Debian Linux, Android and 12 more | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | |||||
CVE-2016-2105 | 8 Apple, Canonical, Debian and 5 more | 15 Mac Os X, Ubuntu Linux, Debian Linux and 12 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | |||||
CVE-2016-2099 | 2 Apache, Opensuse | 2 Xerces-c\+\+, Opensuse | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | |||||
CVE-2016-2043 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | |||||
CVE-2016-2042 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message. | |||||
CVE-2016-2041 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | |||||
CVE-2016-2040 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | |||||
CVE-2016-2039 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value. | |||||
CVE-2016-2038 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. | |||||
CVE-2016-1977 | 5 Mozilla, Opensuse, Oracle and 2 more | 6 Firefox, Leap, Opensuse and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. | |||||
CVE-2016-1974 | 4 Mozilla, Opensuse, Oracle and 1 more | 6 Firefox, Thunderbird, Leap and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. | |||||
CVE-2016-1966 | 3 Mozilla, Opensuse, Oracle | 4 Firefox, Thunderbird, Opensuse and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. | |||||
CVE-2016-1965 | 3 Mozilla, Opensuse, Oracle | 3 Firefox, Opensuse, Linux | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | |||||
CVE-2016-1964 | 4 Mozilla, Opensuse, Oracle and 1 more | 6 Firefox, Thunderbird, Leap and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. |