CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2016-10171 125 DoS 2017-03-14 2017-03-14
4.3
None Remote Medium Not required None None Partial
The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
852 CVE-2016-10170 125 DoS 2017-03-14 2017-03-14
4.3
None Remote Medium Not required None None Partial
The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
853 CVE-2016-10169 125 DoS 2017-03-14 2018-03-16
4.3
None Remote Medium Not required None None Partial
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
854 CVE-2016-10168 190 Overflow 2017-03-15 2018-05-04
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
855 CVE-2016-10167 20 DoS 2017-03-15 2018-05-04
4.3
None Remote Medium Not required None None Partial
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
856 CVE-2016-10166 191 2017-03-15 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
857 CVE-2016-10163 399 DoS 2017-03-15 2017-07-11
4.9
None Local Low Not required None None Complete
Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.
858 CVE-2016-10155 401 DoS 2017-03-15 2020-11-10
4.9
None Local Low Not required None None Complete
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
859 CVE-2016-10152 264 +Priv 2017-03-28 2018-10-21
10.0
None Remote Low Not required Complete Complete Complete
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
860 CVE-2016-10151 264 +Priv 2017-03-01 2018-10-21
6.9
None Local Medium Not required Complete Complete Complete
The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary.
861 CVE-2016-10149 611 2017-03-24 2018-01-05
5.0
None Remote Low Not required Partial None None
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
862 CVE-2016-10146 399 DoS 2017-03-24 2017-11-04
7.8
None Remote Low Not required None None Complete
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
863 CVE-2016-10145 189 2017-03-24 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.
864 CVE-2016-10144 284 2017-03-24 2017-11-04
7.5
None Remote Low Not required Partial Partial Partial
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.
865 CVE-2016-10133 119 Overflow 2017-03-24 2017-03-27
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.
866 CVE-2016-10132 476 DoS 2017-03-24 2017-03-27
5.0
None Remote Low Not required None None Partial
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.
867 CVE-2016-10130 284 2017-03-24 2017-03-28
4.3
None Remote Medium Not required None Partial None
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.
868 CVE-2016-10129 476 DoS 2017-03-24 2017-03-28
5.0
None Remote Low Not required None None Partial
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.
869 CVE-2016-10128 119 Overflow 2017-03-24 2017-03-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.
870 CVE-2016-10127 611 2017-03-03 2017-03-08
6.8
None Remote Medium Not required Partial Partial Partial
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
871 CVE-2016-10095 119 DoS Overflow 2017-03-01 2021-01-29
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.
872 CVE-2016-10094 189 2017-03-01 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
873 CVE-2016-10093 119 Overflow 2017-03-01 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.
874 CVE-2016-10092 119 Overflow 2017-03-01 2021-03-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image.
875 CVE-2016-10071 125 DoS 2017-03-02 2020-11-16
4.3
None Remote Medium Not required None None Partial
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
876 CVE-2016-10070 125 DoS Overflow 2017-03-03 2020-11-16
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
877 CVE-2016-10069 20 DoS 2017-03-02 2017-03-07
4.3
None Remote Medium Not required None None Partial
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
878 CVE-2016-10068 20 DoS 2017-03-02 2018-10-30
4.3
None Remote Medium Not required None None Partial
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
879 CVE-2016-10067 119 DoS Overflow 2017-03-02 2017-03-07
5.0
None Remote Low Not required None None Partial
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
880 CVE-2016-10066 120 DoS Overflow 2017-03-03 2020-10-14
4.3
None Remote Medium Not required None None Partial
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.
881 CVE-2016-10065 284 DoS 2017-03-03 2019-04-12
6.8
None Remote Medium Not required Partial Partial Partial
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
882 CVE-2016-10064 119 DoS Overflow 2017-03-02 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
883 CVE-2016-10063 119 DoS Overflow 2017-03-02 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity.
884 CVE-2016-10062 388 DoS 2017-03-02 2017-11-04
4.3
None Remote Medium Not required None None Partial
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
885 CVE-2016-10061 252 DoS 2017-03-03 2021-04-28
4.3
None Remote Medium Not required None None Partial
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file.
886 CVE-2016-10060 252 DoS 2017-03-02 2021-04-28
4.3
None Remote Medium Not required None None Partial
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
887 CVE-2016-10059 119 DoS Overflow 2017-03-23 2017-03-25
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
888 CVE-2016-10058 400 DoS 2017-03-23 2020-11-16
7.1
None Remote Medium Not required None None Complete
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.
889 CVE-2016-10057 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
890 CVE-2016-10056 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
891 CVE-2016-10055 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
892 CVE-2016-10054 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
893 CVE-2016-10053 369 DoS 2017-03-23 2020-11-16
4.3
None Remote Medium Not required None None Partial
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
894 CVE-2016-10052 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
895 CVE-2016-10051 416 DoS 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
896 CVE-2016-10050 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
897 CVE-2016-10049 119 DoS Overflow 2017-03-23 2020-11-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
898 CVE-2016-10048 22 Dir. Trav. 2017-03-23 2017-03-24
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
899 CVE-2016-10047 400 DoS 2017-03-23 2017-03-24
7.1
None Remote Medium Not required None None Complete
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file.
900 CVE-2016-10046 119 DoS Overflow 2017-03-23 2017-03-24
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
Total number of vulnerabilities : 1305   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.