Filtered by vendor Nih
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16718 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. | |||||
CVE-2018-16717 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | |||||
CVE-2018-16716 | 1 Nih | 1 Ncbi Toolbox | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | |||||
CVE-2015-2331 | 5 Debian, Fedoraproject, Nih and 2 more | 5 Debian Linux, Fedora, Libzip and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. | |||||
CVE-2012-1163 | 1 Nih | 1 Libzip | 2024-11-21 | 6.8 MEDIUM | N/A |
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. | |||||
CVE-2012-1162 | 1 Nih | 1 Libzip | 2024-11-21 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." |