Vulnerabilities (CVE)

Filtered by vendor Nih Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16718 1 Nih 1 Ncbi Toolbox 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument.
CVE-2018-16717 1 Nih 1 Ncbi Toolbox 2024-11-21 7.5 HIGH 9.8 CRITICAL
A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox.
CVE-2018-16716 1 Nih 1 Ncbi Toolbox 2024-11-21 7.5 HIGH 9.1 CRITICAL
A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string.
CVE-2015-2331 5 Debian, Fedoraproject, Nih and 2 more 5 Debian Linux, Fedora, Libzip and 2 more 2024-11-21 7.5 HIGH N/A
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
CVE-2012-1163 1 Nih 1 Libzip 2024-11-21 6.8 MEDIUM N/A
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.
CVE-2012-1162 1 Nih 1 Libzip 2024-11-21 7.5 HIGH N/A
Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."