openSUSE Leap 42.2

A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.

Published: 2017-07-06T16:00:00.000Z
Updated: 2024-08-05T16:48:22.902Z

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Published: 2017-08-28T19:00:00.000Z
Updated: 2024-08-05T15:33:20.475Z

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.

Published: 2017-03-27T17:00:00.000Z
Updated: 2024-08-05T15:33:20.175Z

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.

Published: 2017-03-15T14:00:00.000Z
Updated: 2024-08-05T15:18:49.281Z

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

Published: 2017-03-20T16:00:00.000Z
Updated: 2024-08-05T15:18:48.417Z

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Published: 2018-01-04T13:00:00.000Z
Updated: 2026-05-28T18:00:56.175Z

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Published: 2017-03-24T15:00:00.000Z
Updated: 2024-08-05T14:55:35.701Z

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.

Published: 2017-03-24T15:00:00.000Z
Updated: 2024-08-05T14:55:35.805Z

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.

Published: 2017-03-24T15:00:00.000Z
Updated: 2024-08-05T14:55:35.773Z

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.

Published: 2017-03-24T15:00:00.000Z
Updated: 2024-08-05T14:55:35.773Z

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

Published: 2019-11-04T20:24:00.000Z
Updated: 2024-08-05T14:55:35.814Z

The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Published: 2019-11-04T20:24:14.000Z
Updated: 2024-08-05T14:55:35.813Z

Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

Published: 2019-11-04T20:24:09.000Z
Updated: 2024-08-05T14:55:35.800Z

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.

Published: 2017-12-20T23:00:00.000Z
Updated: 2024-08-05T20:59:17.961Z

The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.

Published: 2017-12-20T23:00:00.000Z
Updated: 2024-08-05T20:59:17.879Z

LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue

Published: 2019-03-17T16:44:47.000Z
Updated: 2024-08-05T20:20:05.120Z

The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.

Published: 2017-11-09T19:00:00.000Z
Updated: 2024-08-05T19:57:27.615Z

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

Published: 2018-03-01T19:00:00.000Z
Updated: 2024-09-16T22:03:14.200Z

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.669Z

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.755Z

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.471Z

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.354Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.219Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.325Z

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.560Z

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.441Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.283Z

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.231Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.469Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T02:00:00.000Z
Updated: 2024-08-05T18:58:12.291Z

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Published: 2017-06-19T16:00:00.000Z
Updated: 2024-08-05T22:00:39.873Z

game-music-emu before 0.6.1 mishandles unspecified integer values.

Published: 2017-06-06T18:00:00.000Z
Updated: 2024-08-06T03:07:31.619Z

game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).

Published: 2017-06-06T18:00:00.000Z
Updated: 2024-08-06T03:07:31.835Z

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.

Published: 2017-04-12T20:00:00.000Z
Updated: 2024-08-06T03:07:31.477Z

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.

Published: 2017-04-12T20:00:00.000Z
Updated: 2024-08-06T03:07:31.788Z

Stack-based buffer overflow in game-music-emu before 0.6.1.

Published: 2017-04-12T20:00:00.000Z
Updated: 2024-08-06T03:07:31.400Z

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Published: 2017-05-23T03:56:00.000Z
Updated: 2024-08-06T02:59:03.637Z

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Published: 2017-05-23T03:56:00.000Z
Updated: 2025-12-04T16:36:07.397Z

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Published: 2017-05-23T03:56:00.000Z
Updated: 2024-08-06T02:59:03.536Z

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Published: 2017-05-23T03:56:00.000Z
Updated: 2024-08-06T02:59:03.590Z

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

Published: 2017-03-01T20:00:00.000Z
Updated: 2024-08-06T02:59:03.527Z

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.

Published: 2017-01-20T15:00:00.000Z
Updated: 2024-08-06T02:50:38.380Z

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.

Published: 2017-01-20T15:00:00.000Z
Updated: 2024-11-14T20:06:38.851Z

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.

Published: 2016-12-12T02:00:00.000Z
Updated: 2024-08-06T02:50:38.343Z

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.

Published: 2017-03-23T18:00:00.000Z
Updated: 2024-08-06T02:50:37.755Z

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.

Published: 2016-12-09T22:00:00.000Z
Updated: 2024-08-06T02:42:10.568Z

Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.

Published: 2016-12-09T22:00:00.000Z
Updated: 2024-08-06T02:42:10.527Z

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.

Published: 2016-12-09T22:00:00.000Z
Updated: 2024-08-06T02:42:10.894Z

Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.

Published: 2016-12-09T22:00:00.000Z
Updated: 2024-08-06T02:42:10.139Z

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:35:02.328Z

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:35:02.281Z

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:35:01.227Z

The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.261Z

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.207Z

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.

Published: 2017-02-15T19:00:00.000Z
Updated: 2024-08-06T02:27:41.258Z

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:27:41.271Z

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:27:41.254Z

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:27:41.205Z

The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:27:40.958Z

Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:27:40.920Z

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.

Published: 2016-11-04T21:00:00.000Z
Updated: 2024-08-06T02:27:40.856Z

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:27:40.795Z

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

Published: 2017-02-03T15:00:00.000Z
Updated: 2024-08-06T02:27:40.406Z

Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.

Published: 2016-12-10T00:00:00.000Z
Updated: 2024-08-06T02:13:21.616Z

Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.

Published: 2016-12-10T00:00:00.000Z
Updated: 2024-08-06T02:13:21.646Z

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

Published: 2017-03-24T15:00:00.000Z
Updated: 2024-08-06T02:04:56.102Z

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.

Published: 2016-12-10T00:00:00.000Z
Updated: 2024-08-06T01:57:47.693Z

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.

Published: 2016-12-10T00:00:00.000Z
Updated: 2024-08-06T01:57:47.613Z

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.

Published: 2016-12-10T00:00:00.000Z
Updated: 2024-08-06T01:50:47.551Z

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394.

Published: 2017-03-23T16:00:00.000Z
Updated: 2024-08-06T01:22:20.639Z

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

Published: 2019-11-05T21:45:36.000Z
Updated: 2024-08-06T00:46:39.893Z

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.

Published: 2017-12-05T16:00:00.000Z
Updated: 2024-08-05T22:48:13.662Z

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

Published: 2017-02-28T18:00:00.000Z
Updated: 2024-08-06T03:14:42.330Z

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.

Published: 2017-03-03T18:00:00.000Z
Updated: 2024-08-06T03:07:32.118Z

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.

Published: 2017-03-02T21:00:00.000Z
Updated: 2024-08-06T03:07:32.096Z

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.

Published: 2017-03-23T17:00:00.000Z
Updated: 2024-08-06T03:07:32.087Z

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.

Published: 2017-03-23T17:00:00.000Z
Updated: 2024-08-06T03:07:32.085Z

gdm3 3.14.2 and possibly later has an information leak before screen lock

Published: 2019-11-05T13:08:36.000Z
Updated: 2024-08-06T03:47:34.868Z

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

Published: 2019-11-04T20:27:33.000Z
Updated: 2024-08-06T08:36:31.253Z

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

Published: 2017-03-27T17:00:00.000Z
Updated: 2024-08-06T08:06:31.609Z

A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.

Published: 2019-12-03T22:13:39.000Z
Updated: 2024-08-06T07:51:28.490Z

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: 2017-07-25T18:00:00.000Z
Updated: 2024-08-06T06:41:08.383Z

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.

Published: 2017-08-02T19:00:00.000Z
Updated: 2024-08-06T06:41:07.991Z

print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).

Published: 2017-09-27T18:00:00.000Z
Updated: 2024-08-06T05:39:31.079Z

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).

Published: 2017-03-20T16:00:00.000Z
Updated: 2024-08-06T13:55:04.556Z

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Published: 2017-03-20T16:00:00.000Z
Updated: 2024-08-06T13:55:04.941Z

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

Published: 2017-03-20T16:00:00.000Z
Updated: 2024-08-06T13:55:04.580Z

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

Published: 2017-08-07T20:00:00.000Z
Updated: 2024-08-06T10:43:05.864Z