35 matches found
CVE-2017-17805
CVE-2017-17805 affects the Linux kernel prior to 4.14.8. The Salsa20 cipher implementation (crypto/salsa20_generic.c and arch/x86/crypto/salsa20_glue.c) mishandles zero-length inputs, allowing a local attacker to use the AF_ALG-based skcipher interface to trigger uninitialized memory free and ker...
CVE-2017-17806
CVE-2017-17806 affects the Linux kernel before 4.14.8. The HMAC implementation (crypto/hmac.c) does not validate that the underlying hash algorithm is unkeyed, allowing a local attacker who can use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and SHA-3 (CONFIG_CRYPTO_SHA3) to tri...
CVE-2015-5221
CVE-2015-5221 is a vulnerability in the JasPer JPEG-2000 library (libjasper/mif/mif_cod.c, function mif_process_cmpt). Multiple connected sources confirm a memory safety issue in this area: the core flaw is described as a use-after-free or memory misreference in the mif_process_cmpt path, exploit...
CVE-2015-5203
CVE-2015-5203 is a double-free flaw in JasPer’s jasper_image_stop_load() used when processing certain JPEG 2000 images. Backed by multiple connected advisories, this vulnerability can allow a remote attacker to crash an application or, in some reports, potentially execute arbitrary code. Affected...
CVE-2014-9847
ImageMagick CVE-2014-9847 concerns the jng decoder. Multiple connected sources confirm a remote denial-of-service possibility: a crafted JNG file can cause the application to crash. The vulnerability affects ImageMagick 6.8.9.9 (jng decoder) and is described in CNVD-2017-04496 as a DoS in the jng...
CVE-2016-5316
The CVE-2016-5316 entry concerns the LibTIFF library. Affected component: libtiff
CVE-2016-5317
CVE-2016-5317 is a vulnerability in the libTIFF library: a buffer/write issue in the PixarLogDecode() path within libtiff, affecting 4.0.6 and earlier. Exploitation via a crafted TIFF file could crash the host application (DoS) and, in some reports, may enable arbitrary code execution in certain ...
CVE-2016-9556
Technical details for CVE-2016-9556 are not available in the provided connected documents; only the core description and references are present. Monitor official advisories for updates.
CVE-2017-6542
CVE-2017-6542 affects PuTTY before 0.68. The vulnerability lies in the ssh_agent_channel_data function processing forwarded SSH agent messages; a large length value can trigger a heap-based buffer overflow, potentially enabling remote code execution or other impact when agent forwarding is used. ...
CVE-2016-1254
Tor before 0.2.8.12 is affected by CVE-2016-1254. The vulnerability arises from parsing hidden service descriptors and can cause a denial-of-service client crash. Affected products are Tor releases prior to 0.2.8.12; exploitation details are not provided beyond the crash condition. Remediation is...
CVE-2014-9848
Memory leak in ImageMagick (CVE-2014-9848) allows remote attackers to cause a denial of service via crafted inputs. Affected software component is ImageMagick; root cause is a memory leak leading to memory consumption. The connected documents do not specify a patch or fixed version; some advisori...
CVE-2015-5218
CVE-2015-5218 is a buffer overflow in util-linux's text-utils/colcrt.c (colcrt) that allows a local user to crash the system via a crafted file. The description states the issue and the mitigation path provided here is for CP4S: upgrade Cloud Pak for Security to 1.9.0 (per remediation section); n...
CVE-2014-9846
CVE-2014-9846 involves a buffer overflow in the ReadRLEImage function (coders/rle.c) of ImageMagick, exposed in at least ImageMagick 6.8.9.9. Remote, unauthenticated attackers could trigger an overflow, with impact described as unspecified in the CVE record. The connected OpenVAS/Nessus entries c...
CVE-2014-9845
CVE-2014-9845 : ImageMagick’s ReadDIBImage function (coders/dib.c) is vulnerable to a denial of service by processing a corrupted DIB file. The vulnerability exists in the ImageMagick code path that reads DIB images. The connected sources confirm the affected component and the crash outcome but d...
CVE-2016-9957
Summary: CVE-2016-9957 corresponds to a stack-based buffer overflow in the Game Music Emu library prior to version 0.6.1. Multiple connected advisories (Gentoo GLSA-201707-02, Fedora advisories) describe a remotely triggerable condition: a user could be enticed to open a specially crafted SPC mus...
CVE-2014-9843
CVE-2014-9843 : In ImageMagick 6.8.9.9, the DecodePSDPixels function in coders/psd.c is vulnerable. Remote attackers may exploit via unknown vectors to achieve unspecified impact. The provided connected documents do not specify concrete exploit paths, affected versions beyond 6.8.9.9, or remediat...
CVE-2014-9851
CVE-2014-9851 affects ImageMagick 6.8.9.9 and allows remote attackers to cause a denial of service (application crash). The vulnerability is documented in multiple feeds (including CNVD and OSV) with the issue described as a remote DoS via crafted input. Available connected sources confirm the pr...
CVE-2016-9435
CVE-2016-9435 affects the w3m HTML renderer. The HTMLtagproc1 function in file.c does not properly initialize values in w3m before 0.5.3+git20161009, allowing remote attackers to crash the application via a crafted HTML file (notably involving tags). The vulnerability could cause a denial of ser...
CVE-2016-9960
CVE-2016-9960 affects game-music-emu prior to 0.6.1, allowing local users to cause a denial-of-service via a divide-by-zero that crashes the process. The NVD entry documents the vulnerability; Gentoo GLSA-201707-02 and Gentoo advisories describe multiple vulnerabilities in Game Music Emu and reco...
CVE-2014-9841
CVE-2014-9841 affects ImageMagick, with the ReadPSDLayers function in coders/psd.c vulnerable to remote exploitation via unknown vectors, related to throwing of exceptions. Public references in the provided documents confirm ImageMagick 6.8.9.9 exposure and list CVE-2014-9841 among vulnerabilitie...
CVE-2016-10048
CVE-2016-10048 affects ImageMagick. The case details a directory traversal vulnerability in magick/module.c that allows remote attackers to load arbitrary modules via unspecified vectors. The connected feeds document the CVE in unpatched Red Hat advisories, but do not specify a public patch versi...
CVE-2016-10068
CVE-2016-10068 : The MSL interpreter in ImageMagick prior to 6.9.6-4 allows a remote attacker to trigger a denial of service (segmentation fault and application crash) via a crafted XML file. The connected documents corroborate that this vulnerability affects ImageMagick before 6.9.6-4 and descri...
CVE-2014-9849
CVE-2014-9849 : The png coder in ImageMagick is vulnerable to remote denial of service, allowing a remote attacker to crash the process. The description in the initial document confirms a DoS via the png coder, and connected sources reiterate the same CVE with no additional exploit details. The p...
CVE-2016-9958
CVE-2016-9958 affects Game Music Emu, prior to version 0.6.1. The vulnerability enables a remote attacker to cause arbitrary memory writes, potentially enabling arbitrary code execution or DoS when opening a crafted SPC file. Public sources (Gentoo GLSA 201707-02 and related advisories) instruct ...
CVE-2016-9961
CVE-2016-9961 affects Game Music Emu (game-music-emu) prior to version 0.6.1, where unspecified integer values are mishandled. The vulnerability can allow a remote attacker to entice a user to open a specially crafted SPC music file, potentially resulting in arbitrary code execution or a Denial o...
CVE-2014-9844
CVE-2014-9844 affects ImageMagick 6.8.9.9, where the ReadRLEImage function in coders/rle.c is vulnerable. A crafted image file can trigger an out-of-bounds read, enabling a remote denial of service. The vulnerability is tied to processing of RLE-encoded data within ImageMagick. The provided conne...
CVE-2015-8010
The CVE-2015-8010 issue is a Cross-Site Scripting (XSS) vulnerability in Icinga’s Classic-UI, exploitable via the CSV export link and pagination on cgi-bin/status.cgi. Affected software is Icinga prior to 1.14; the vulnerability is triggered by unvalidated query string input, allowing remote atta...
CVE-2016-10069
CVE-2016-10069 affects ImageMagick (before 6.9.4-5). The vulnerability in coders/mat.c allows a remote attacker to cause an application crash (DoS) by sending a MAT file with an invalid number of frames. The issue is triggered during MAT file processing, leading to denial of service without requi...
CVE-2016-9436
CVE-2016-9436 affects the w3m HTML rendering component, specifically parsetagx.c, where an improper initialization of values in versions before 0.5.3+git20161009 can lead to a crash when parsing a crafted HTML file (related to a tag). The vulnerability is triggered remotely via crafted input, ca...
CVE-2016-7797
CVE-2016-7797 affects Pacemaker prior to 1.1.15. The issue can allow a remote, unauthenticated attacker (via pacemaker remote) to cause a denial of service resulting in node disconnection. The connected sources corroborate the high-level impact and reference related advisories (e.g., RHSA-2016:25...
CVE-2016-9959
CVE-2016-9959 affects Game Music Emu prior to 0.6.1. The vulnerability allows a remote attacker to cause out-of-bounds 8-bit values in SPC/music processing, as described by NVD. Consequences are stated as enabling potential arbitrary behavior from crafted inputs; exploitation details are not prov...
CVE-2014-9842
CVE-2014-9842 affects ImageMagick 6.8.9.9, where a memory leak in the ReadPSDLayers function (coders/psd.c) can allow remote attackers to cause a denial of service via memory consumption. The vectors are unspecified in the provided description. No explicit exploitation details or patch/remediatio...
CVE-2014-9850
CVE-2014-9850 describes a logic error in ImageMagick 6.8.9.9 that can allow remote attackers to cause a denial of service through resource consumption. The provided documents do not include further technical details (e.g., vulnerable component specifics, affected versions beyond 6.8.9.9, or expli...
CVE-2017-5938
CVE-2017-5938 is a Cross-site scripting (XSS) vulnerability in ViewVC’s nav_path function (lib/viewvc.py). Affected: ViewVC versions before 1.0.14 and 1.1.x before 1.1.26. Impact: remote attackers can inject arbitrary JavaScript/HTML via the nav_data name. Mitigation: upgrade to ViewVC 1.1.26 (or...
CVE-2015-3138
CVE-2015-3138 affects tcpdump before version 4.7.4, where print-wb.c can be exploited remotely to cause a denial of service (segmentation fault and process crash). The vulnerability is triggered via crafted input that impacts the WB (print-wb) path. The available description specifies the vulnera...