| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command. |
| The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. |
| There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. |
| The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. |
| The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. |
| regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free. |
| game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
| SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. |
| regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. |
| The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. |
| The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. |
| slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. |
| The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. |
| Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. |
| org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. |
| ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. |
