CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2016-6875 Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2016-7111 MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via un... | N/A | NONE | — | 0 |
| CVE-2016-7510 The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2016-7511 Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file. | N/A | NONE | — | 0 |
| CVE-2017-6055 XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact v... | N/A | NONE | — | 0 |
| CVE-2017-6065 SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter. | N/A | NONE | — | 0 |
| CVE-2017-5986 Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithre... | N/A | NONE | — | 0 |
| CVE-2017-6001 Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a ... | 7.0 | HIGH | — | 0 |
| CVE-2017-6074 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain ro... | 7.8 | HIGH | — | 0 |
| CVE-2016-4613 An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involv... | N/A | NONE | — | 0 |
| CVE-2016-4617 An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. | N/A | NONE | — | 0 |
| CVE-2016-4683 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial ... | N/A | NONE | — | 0 |
| CVE-2016-4660 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the... | N/A | NONE | — | 0 |
| CVE-2016-4661 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of serv... | N/A | NONE | — | 0 |
| CVE-2016-4662 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privile... | N/A | NONE | — | 0 |
| CVE-2016-4663 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to cause a denial of service (memor... | N/A | NONE | — | 0 |
| CVE-2016-4664 An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, whi... | N/A | NONE | — | 0 |
| CVE-2014-9947 In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | N/A | NONE | — | 0 |
| CVE-2016-4665 An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, whi... | N/A | NONE | — | 0 |
| CVE-2016-4666 An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows r... | N/A | NONE | — | 0 |
| CVE-2016-4667 An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of s... | N/A | NONE | — | 0 |
| CVE-2016-4669 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the... | N/A | NONE | — | 0 |
| CVE-2016-4670 An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "Security" component. It allows local users to discover lengths... | N/A | NONE | — | 0 |
| CVE-2017-5231 All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a special... | N/A | NONE | — | 0 |
| CVE-2017-5232 All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current workin... | N/A | NONE | — | 0 |
| CVE-2017-5233 Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working direct... | 7.8 | HIGH | — | 0 |
| CVE-2017-5234 Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working dire... | N/A | NONE | — | 0 |
| CVE-2017-5235 Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current work... | N/A | NONE | — | 0 |
| CVE-2016-10060 The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of servi... | 6.5 | MEDIUM | — | 0 |
| CVE-2017-14309 STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUn... | N/A | NONE | — | 0 |
| CVE-2016-10062 The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via ... | 5.5 | MEDIUM | — | 0 |
| CVE-2016-10063 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to ... | 7.8 | HIGH | — | 0 |
| CVE-2016-10064 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | 7.8 | HIGH | — | 0 |
| CVE-2016-10067 magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | N/A | NONE | — | 0 |
| CVE-2016-10068 The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | N/A | NONE | — | 0 |
| CVE-2016-10069 coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | N/A | NONE | — | 0 |
| CVE-2016-10071 coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | 5.5 | MEDIUM | — | 0 |
| CVE-2017-6102 Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. | N/A | NONE | — | 0 |
| CVE-2017-6103 Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. | N/A | NONE | — | 0 |
| CVE-2017-6104 Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | N/A | NONE | — | 0 |
| CVE-2016-10201 Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | N/A | NONE | — | 0 |
| CVE-2016-9892 The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL se... | N/A | NONE | — | 0 |
| CVE-2015-2877 Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other g... | 3.3 | LOW | — | 0 |
| CVE-2016-10127 PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | N/A | NONE | — | 0 |
| CVE-2016-10193 The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.... | N/A | NONE | — | 0 |
| CVE-2016-10194 The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. | N/A | NONE | — | 0 |
| CVE-2016-10203 Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | N/A | NONE | — | 0 |
| CVE-2016-10204 SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | N/A | NONE | — | 0 |
| CVE-2016-10205 Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | N/A | NONE | — | 0 |
| CVE-2016-10206 Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspec... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.