GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections.
Max CVSS
5.0
EPSS Score
2.03%
Published
2012-08-31
Updated
2018-10-30
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
Max CVSS
5.0
EPSS Score
0.33%
Published
2015-11-19
Updated
2020-11-20
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
Max CVSS
5.5
EPSS Score
1.12%
Published
2017-03-20
Updated
2018-10-30
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Max CVSS
5.5
EPSS Score
0.98%
Published
2017-03-17
Updated
2018-10-30
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
Max CVSS
5.0
EPSS Score
9.50%
Published
2015-11-09
Updated
2021-02-02
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Max CVSS
5.3
EPSS Score
1.60%
Published
2015-12-06
Updated
2022-12-13
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Max CVSS
5.5
EPSS Score
1.36%
Published
2017-08-02
Updated
2018-11-22
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
Max CVSS
5.5
EPSS Score
0.88%
Published
2017-07-25
Updated
2018-11-22
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.
Max CVSS
5.0
EPSS Score
0.54%
Published
2015-12-16
Updated
2018-10-30
Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.
Max CVSS
5.0
EPSS Score
0.46%
Published
2015-12-16
Updated
2018-10-30
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.36%
Published
2015-12-16
Updated
2018-10-30
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
Max CVSS
5.0
EPSS Score
2.74%
Published
2015-12-16
Updated
2018-10-30
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
Max CVSS
5.0
EPSS Score
0.40%
Published
2015-12-16
Updated
2018-10-30
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation.
Max CVSS
5.0
EPSS Score
4.65%
Published
2015-12-16
Updated
2018-10-30
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.
Max CVSS
5.0
EPSS Score
4.65%
Published
2015-12-16
Updated
2018-10-30
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.25%
Published
2015-12-15
Updated
2023-02-13
A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates.
Max CVSS
5.3
EPSS Score
0.82%
Published
2019-12-03
Updated
2020-02-03
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
Max CVSS
5.9
EPSS Score
0.29%
Published
2016-01-09
Updated
2018-10-30
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
Max CVSS
5.9
EPSS Score
0.84%
Published
2016-01-22
Updated
2022-08-29
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Max CVSS
5.0
EPSS Score
0.25%
Published
2015-11-09
Updated
2019-01-16
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
Max CVSS
5.3
EPSS Score
0.73%
Published
2016-02-13
Updated
2021-02-02
The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers an invalid memory access.
Max CVSS
5.3
EPSS Score
0.18%
Published
2016-01-29
Updated
2018-10-30
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
Max CVSS
5.1
EPSS Score
0.04%
Published
2016-04-21
Updated
2019-12-27
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-04-21
Updated
2019-12-27
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-04-21
Updated
2019-12-27
289 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!