git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
| Max Base Score | 8.8 |
| Published | 2017-06-01 |
| Updated | 2019-10-03 |
| EPSS | 0.21% |
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
| Max Base Score | 7.5 |
| Published | 2017-03-20 |
| Updated | 2020-09-01 |
| EPSS | 0.30% |
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
| Max Base Score | 3.5 |
| Published | 2017-03-20 |
| Updated | 2020-02-26 |
| EPSS | 0.47% |
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
| Max Base Score | 9.8 |
| Published | 2017-03-24 |
| Updated | 2018-10-30 |
| EPSS | 0.90% |
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
| Max Base Score | 9.8 |
| Published | 2017-03-24 |
| Updated | 2018-10-30 |
| EPSS | 0.91% |
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
| Max Base Score | 7.5 |
| Published | 2017-03-24 |
| Updated | 2018-10-30 |
| EPSS | 2.14% |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
| Max Base Score | 9.8 |
| Published | 2017-03-24 |
| Updated | 2018-10-30 |
| EPSS | 1.69% |
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.
| Max Base Score | 7.8 |
| Published | 2019-11-04 |
| Updated | 2019-11-07 |
| EPSS | 0.10% |
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
| Max Base Score | 7.8 |
| Published | 2019-11-04 |
| Updated | 2019-11-06 |
| EPSS | 0.10% |
Integer overflow in the check_offset function in b/wrestool/fileread.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.
| Max Base Score | 7.8 |
| Published | 2019-11-04 |
| Updated | 2019-11-05 |
| EPSS | 0.04% |
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
| Max Base Score | 8.8 |
| Published | 2019-12-03 |
| Updated | 2020-02-03 |
| EPSS | 0.76% |
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
| Max Base Score | 7.5 |
| Published | 2017-02-28 |
| Updated | 2018-02-01 |
| EPSS | 0.44% |
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
| Max Base Score | 7.1 |
| Published | 2017-02-03 |
| Updated | 2018-10-30 |
| EPSS | 0.76% |
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
| Max Base Score | 5.5 |
| Published | 2017-03-03 |
| Updated | 2020-11-16 |
| EPSS | 0.49% |
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
| Max Base Score | 7.8 |
| Published | 2017-03-03 |
| Updated | 2019-04-12 |
| EPSS | 0.66% |
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
| Max Base Score | 7.8 |
| Published | 2017-03-02 |
| Updated | 2020-11-16 |
| EPSS | 0.87% |
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
| Max Base Score | 7.8 |
| Published | 2017-03-23 |
| Updated | 2020-11-16 |
| EPSS | 0.77% |
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
| Max Base Score | 7.8 |
| Published | 2017-03-23 |
| Updated | 2020-11-16 |
| EPSS | 0.62% |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
| Max Base Score | 9.8 |
| Published | 2017-05-23 |
| Updated | 2022-08-16 |
| EPSS | 0.12% |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
| Max Base Score | 8.8 |
| Published | 2017-05-23 |
| Updated | 2022-08-16 |
| EPSS | 0.15% |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
| Max Base Score | 9.8 |
| Published | 2017-05-23 |
| Updated | 2022-08-16 |
| EPSS | 0.13% |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
| Max Base Score | 8.8 |
| Published | 2017-05-23 |
| Updated | 2022-08-16 |
| EPSS | 0.15% |
The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.
| Max Base Score | 5.5 |
| Published | 2017-03-01 |
| Updated | 2018-10-30 |
| EPSS | 0.77% |
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
| Max Base Score | 7.5 |
| Published | 2018-07-30 |
| Updated | 2023-02-12 |
| EPSS | 0.07% |
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
| Max Base Score | 9.8 |
| Published | 2016-12-12 |
| Updated | 2022-06-01 |
| EPSS | 0.70% |