Latest CVE Feed
-
5.5
MEDIUMCVE-2017-10365
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot... Read more
- EPSS Score: %0.31
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-1000126
exiv2 0.26 contains a Stack out of bounds read in webp parser... Read more
Affected Products : exiv2- EPSS Score: %0.32
- Published: Nov. 17, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2017-0295
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability".... Read more
- EPSS Score: %0.53
- Published: Jun. 15, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-9827
The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.... Read more
Affected Products : libming- EPSS Score: %0.22
- Published: Feb. 17, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-9810
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref ca... Read more
Affected Products : gstreamer- EPSS Score: %0.66
- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-9642
JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file.... Read more
Affected Products : webkit- EPSS Score: %0.19
- Published: Feb. 03, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-9392
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.... Read more
Affected Products : jasper- EPSS Score: %0.47
- Published: Mar. 23, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-9191
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted applicati... Read more
Affected Products : linux_kernel- EPSS Score: %0.08
- Published: Nov. 28, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-8939
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.... Read more
- EPSS Score: %0.07
- Published: Jun. 07, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-8883
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.... Read more
Affected Products : jasper- EPSS Score: %0.38
- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-8688
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_e... Read more
- EPSS Score: %0.23
- Published: Feb. 15, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-8674
The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file.... Read more
Affected Products : mupdf- EPSS Score: %0.22
- Published: Feb. 15, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-8568
The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.... Read more
- EPSS Score: %0.64
- Published: Feb. 03, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-7977
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.... Read more
Affected Products : ghostscript- EPSS Score: %1.07
- Published: May. 23, 2017
- Modified: Apr. 20, 2025
-
5.5
MEDIUMCVE-2016-5337
The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information.... Read more
- EPSS Score: %0.06
- Published: Jun. 14, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-5294
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerabilit... Read more
- EPSS Score: %0.10
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2016-4752
The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does not use the CF_RETURNS_RETAINED keyword, which allows attackers to obtain sensitive information from process memory by triggering key derivation.... Read more
- EPSS Score: %0.25
- Published: Sep. 25, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-3156
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.... Read more
Affected Products : linux_kernel ubuntu_linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_debuginfo suse_linux_enterprise_live_patching suse_linux_enterprise_module_for_public_cloud suse_linux_enterprise_workstation_extension- EPSS Score: %0.04
- Published: Apr. 27, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-2197
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List Block (CLB) entries. A privileged user inside guest could... Read more
Affected Products : qemu- EPSS Score: %0.11
- Published: Dec. 29, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-1371
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.... Read more
- EPSS Score: %0.58
- Published: Oct. 03, 2016
- Modified: Apr. 12, 2025