CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5118 284 Exec Code 2016-06-10 2016-06-23
10.0
None Remote Low Not required Complete Complete Complete
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
2 CVE-2016-5104 284 Bypass 2016-06-13 2016-06-15
5.0
None Remote Low Not required None Partial None
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
3 CVE-2016-4804 119 DoS Overflow 2016-06-03 2016-06-03
2.1
None Local Low Not required None None Partial
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
4 CVE-2016-4579 20 DoS 2016-06-13 2016-06-20
5.0
None Remote Low Not required None None Partial
Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
5 CVE-2016-4574 189 DoS 2016-06-13 2016-06-20
5.0
None Remote Low Not required None None Partial
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
6 CVE-2016-4544 119 DoS Overflow 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
7 CVE-2016-4543 119 DoS Overflow 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
8 CVE-2016-4542 119 DoS Overflow 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
9 CVE-2016-4541 DoS 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
10 CVE-2016-4540 DoS 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
11 CVE-2016-4539 119 DoS Overflow 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero.
12 CVE-2016-4538 20 DoS 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
13 CVE-2016-4537 20 DoS 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
14 CVE-2016-4478 119 DoS Overflow 2016-06-13 2016-06-20
5.0
None Remote Low Not required None None Partial
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
15 CVE-2016-4429 20 DoS Overflow 2016-06-10 2016-06-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
16 CVE-2016-4414 DoS 2016-06-13 2016-06-15
5.0
None Remote Low Not required None None Partial
The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.
17 CVE-2016-4348 20 DoS 2016-05-20 2016-05-23
5.0
None Remote Low Not required None None Partial
The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document.
18 CVE-2016-4346 189 DoS Overflow 2016-05-21 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
19 CVE-2016-4342 119 DoS Overflow Mem. Corr. 2016-05-21 2016-06-15
8.3
None Remote Medium Not required Partial Partial Complete
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
20 CVE-2016-4049 20 DoS 2016-05-23 2016-05-25
5.0
None Remote Low Not required None None Partial
The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet.
21 CVE-2016-4036 264 +Info 2016-04-18 2016-05-18
2.1
None Local Low Not required Partial None None
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
22 CVE-2016-4008 399 DoS 2016-05-05 2016-06-20
4.3
None Remote Medium Not required None None Partial
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.
23 CVE-2016-4007 Exec Code 2016-04-13 2016-04-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
24 CVE-2016-3977 119 DoS Overflow 2016-04-21 2016-04-28
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
25 CVE-2016-3959 20 DoS 2016-05-23 2016-05-25
5.0
None Remote Low Not required None None Partial
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
26 CVE-2016-3706 20 DoS Overflow 2016-06-10 2016-06-10
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
27 CVE-2016-3705 20 DoS 2016-05-17 2016-06-22
5.0
None Remote Low Not required None None Partial
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
28 CVE-2016-3697 264 +Priv 2016-06-01 2016-06-16
2.1
None Local Low Not required Partial None None
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
29 CVE-2016-3630 19 Exec Code 2016-04-13 2016-04-18
6.8
None Remote Medium Not required Partial Partial Partial
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
30 CVE-2016-3627 20 DoS 2016-05-17 2016-06-22
5.0
None Remote Low Not required None None Partial
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
31 CVE-2016-3190 119 DoS Overflow 2016-04-21 2016-05-05
5.0
None Remote Low Not required None None Partial
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
32 CVE-2016-3186 119 DoS Overflow 2016-04-19 2016-04-25
5.0
None Remote Low Not required None None Partial
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
33 CVE-2016-3075 119 DoS Overflow 2016-06-01 2016-06-16
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
34 CVE-2016-3069 20 Exec Code 2016-04-13 2016-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
35 CVE-2016-3068 20 Exec Code 2016-04-13 2016-04-18
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.
36 CVE-2016-2851 119 DoS Exec Code Overflow Mem. Corr. 2016-04-07 2016-04-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
37 CVE-2016-2834 DoS Mem. Corr. 2016-06-13 2016-06-20
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
38 CVE-2016-2833 79 XSS 2016-06-13 2016-06-20
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
39 CVE-2016-2832 200 +Info 2016-06-13 2016-06-20
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.
40 CVE-2016-2831 284 DoS 2016-06-13 2016-06-20
5.8
None Remote Medium Not required None Partial Partial
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
41 CVE-2016-2829 284 2016-06-13 2016-06-20
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 47.0 allows remote attackers to spoof permission notifications via a crafted web site that rapidly triggers permission requests, as demonstrated by the microphone permission or the geolocation permission.
42 CVE-2016-2828 Exec Code 2016-06-13 2016-06-20
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
43 CVE-2016-2825 284 Bypass 2016-06-13 2016-06-20
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL.
44 CVE-2016-2824 119 DoS Overflow 2016-06-13 2016-06-20
6.8
None Remote Medium Not required Partial Partial Partial
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
45 CVE-2016-2822 284 2016-06-13 2016-06-19
4.3
None Remote Medium Not required None Partial None
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
46 CVE-2016-2821 DoS Exec Code Mem. Corr. 2016-06-13 2016-06-19
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
47 CVE-2016-2802 119 DoS Overflow 2016-03-13 2016-05-12
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
48 CVE-2016-2801 119 DoS Overflow 2016-03-13 2016-05-12
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
49 CVE-2016-2800 119 DoS Overflow 2016-03-13 2016-05-12
6.8
None Remote Medium Not required Partial Partial Partial
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792.
50 CVE-2016-2799 119 DoS Overflow 2016-03-13 2016-05-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
Total number of vulnerabilities : 966   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.