| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
851 |
CVE-2016-10171 |
125 |
|
DoS |
2017-03-14 |
2017-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. |
|
852 |
CVE-2016-10170 |
125 |
|
DoS |
2017-03-14 |
2017-03-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. |
|
853 |
CVE-2016-10169 |
125 |
|
DoS |
2017-03-14 |
2018-03-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file. |
|
854 |
CVE-2016-10168 |
190 |
|
Overflow |
2017-03-15 |
2018-05-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. |
|
855 |
CVE-2016-10167 |
20 |
|
DoS |
2017-03-15 |
2018-05-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. |
|
856 |
CVE-2016-10166 |
191 |
|
|
2017-03-15 |
2017-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. |
|
857 |
CVE-2016-10163 |
399 |
|
DoS |
2017-03-15 |
2017-07-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context. |
|
858 |
CVE-2016-10155 |
401 |
|
DoS |
2017-03-15 |
2020-11-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. |
|
859 |
CVE-2016-10152 |
264 |
|
+Priv |
2017-03-28 |
2018-10-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. |
|
860 |
CVE-2016-10151 |
264 |
|
+Priv |
2017-03-01 |
2018-10-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. |
|
861 |
CVE-2016-10149 |
611 |
|
|
2017-03-24 |
2018-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. |
|
862 |
CVE-2016-10146 |
399 |
|
DoS |
2017-03-24 |
2017-11-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
|
863 |
CVE-2016-10145 |
189 |
|
|
2017-03-24 |
2017-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. |
|
864 |
CVE-2016-10144 |
284 |
|
|
2017-03-24 |
2017-11-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. |
|
865 |
CVE-2016-10133 |
119 |
|
Overflow |
2017-03-24 |
2017-03-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. |
|
866 |
CVE-2016-10132 |
476 |
|
DoS |
2017-03-24 |
2017-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. |
|
867 |
CVE-2016-10130 |
284 |
|
|
2017-03-24 |
2017-03-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. |
|
868 |
CVE-2016-10129 |
476 |
|
DoS |
2017-03-24 |
2017-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. |
|
869 |
CVE-2016-10128 |
119 |
|
Overflow |
2017-03-24 |
2017-03-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. |
|
870 |
CVE-2016-10127 |
611 |
|
|
2017-03-03 |
2017-03-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. |
|
871 |
CVE-2016-10095 |
119 |
|
DoS Overflow |
2017-03-01 |
2021-01-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file. |
|
872 |
CVE-2016-10094 |
189 |
|
|
2017-03-01 |
2017-11-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. |
|
873 |
CVE-2016-10093 |
119 |
|
Overflow |
2017-03-01 |
2021-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow. |
|
874 |
CVE-2016-10092 |
119 |
|
Overflow |
2017-03-01 |
2021-03-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image. |
|
875 |
CVE-2016-10071 |
125 |
|
DoS |
2017-03-02 |
2020-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. |
|
876 |
CVE-2016-10070 |
125 |
|
DoS Overflow |
2017-03-03 |
2020-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. |
|
877 |
CVE-2016-10069 |
20 |
|
DoS |
2017-03-02 |
2017-03-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. |
|
878 |
CVE-2016-10068 |
20 |
|
DoS |
2017-03-02 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. |
|
879 |
CVE-2016-10067 |
119 |
|
DoS Overflow |
2017-03-02 |
2017-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. |
|
880 |
CVE-2016-10066 |
120 |
|
DoS Overflow |
2017-03-03 |
2020-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file. |
|
881 |
CVE-2016-10065 |
284 |
|
DoS |
2017-03-03 |
2019-04-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
882 |
CVE-2016-10064 |
119 |
|
DoS Overflow |
2017-03-02 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
883 |
CVE-2016-10063 |
119 |
|
DoS Overflow |
2017-03-02 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity. |
|
884 |
CVE-2016-10062 |
388 |
|
DoS |
2017-03-02 |
2017-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. |
|
885 |
CVE-2016-10061 |
252 |
|
DoS |
2017-03-03 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file. |
|
886 |
CVE-2016-10060 |
252 |
|
DoS |
2017-03-02 |
2021-04-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file. |
|
887 |
CVE-2016-10059 |
119 |
|
DoS Overflow |
2017-03-23 |
2017-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. |
|
888 |
CVE-2016-10058 |
400 |
|
DoS |
2017-03-23 |
2020-11-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. |
|
889 |
CVE-2016-10057 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
890 |
CVE-2016-10056 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
891 |
CVE-2016-10055 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
892 |
CVE-2016-10054 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
893 |
CVE-2016-10053 |
369 |
|
DoS |
2017-03-23 |
2020-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. |
|
894 |
CVE-2016-10052 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
895 |
CVE-2016-10051 |
416 |
|
DoS |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
|
896 |
CVE-2016-10050 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. |
|
897 |
CVE-2016-10049 |
119 |
|
DoS Overflow |
2017-03-23 |
2020-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. |
|
898 |
CVE-2016-10048 |
22 |
|
Dir. Trav. |
2017-03-23 |
2017-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. |
|
899 |
CVE-2016-10047 |
400 |
|
DoS |
2017-03-23 |
2017-03-24 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. |
|
900 |
CVE-2016-10046 |
119 |
|
DoS Overflow |
2017-03-23 |
2017-03-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. |
