Total
145 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11537 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. | ||||
| CVE-2017-1000456 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | N/A |
| freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | ||||
| CVE-2017-0819 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. | ||||
| CVE-2017-0679 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978. | ||||
| CVE-2017-0666 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. | ||||
| CVE-2017-0545 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32591350. | ||||
| CVE-2017-0342 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-11-21 | N/A |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges. | ||||
| CVE-2016-9377 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
| Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation. | ||||
| CVE-2016-7433 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-11-21 | N/A |
| NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | ||||
| CVE-2016-7055 | 3 Nodejs, Openssl, Redhat | 3 Node.js, Openssl, Jboss Core Services | 2024-11-21 | 5.9 Medium |
| There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. | ||||
| CVE-2016-1938 | 2 Mozilla, Opensuse | 4 Firefox, Nss, Leap and 1 more | 2024-11-21 | N/A |
| The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. | ||||
| CVE-2016-10158 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2024-11-21 | N/A |
| The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | ||||
| CVE-2016-1000340 | 2 Bouncycastle, Redhat | 4 Legion-of-the-bouncy-castle-java-crytography-api, Jboss Fuse, Satellite and 1 more | 2024-11-21 | N/A |
| In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | ||||
| CVE-2016-0777 | 6 Apple, Hp, Openbsd and 3 more | 8 Mac Os X, Remote Device Access Virtual Customer Access System, Openssh and 5 more | 2024-11-21 | N/A |
| The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. | ||||
| CVE-2015-9261 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2024-11-21 | 5.5 Medium |
| huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | ||||
| CVE-2015-8932 | 5 Canonical, Debian, Libarchive and 2 more | 7 Ubuntu Linux, Debian Linux, Libarchive and 4 more | 2024-11-21 | N/A |
| The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift. | ||||
| CVE-2015-3276 | 3 Openldap, Oracle, Redhat | 10 Openldap, Linux, Enterprise Linux and 7 more | 2024-11-21 | 7.5 High |
| The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2014-0205 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count. | ||||
| CVE-2011-3062 | 3 Google, Mozilla, Redhat | 6 Chrome, Firefox, Seamonkey and 3 more | 2024-11-21 | N/A |
| Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. | ||||
| CVE-2011-1573 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip_enable and auth_enable are used, does not consider the amount of zero padding during calculation of chunk lengths for (1) INIT and (2) INIT ACK chunks, which allows remote attackers to cause a denial of service (OOPS) via crafted packet data. | ||||