CVE-2016-5318 (libtiff)
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
Source: CVE-2016-5318 (libtiff)
[월:] 2017년 01월
CVE-2014-9754 (multichannel_vpn_router_300_firmware)
CVE-2014-9754 (multichannel_vpn_router_300_firmware)
The hardware VPN client in Viprinet MultichannelVPN Router 300 verison 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack.
Source: CVE-2014-9754 (multichannel_vpn_router_300_firmware)
CVE-2014-9755 (multichannel_vpn_router_300_firmware)
CVE-2014-9755 (multichannel_vpn_router_300_firmware)
The hardware VPN client in Viprinet MultichannelVPN Router 300 verison 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack.
Source: CVE-2014-9755 (multichannel_vpn_router_300_firmware)
CVE-2016-5323 (libtiff, opensuse)
CVE-2016-5323 (libtiff, opensuse)
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
CVE-2016-5319
CVE-2016-5319
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
Source: CVE-2016-5319
CVE-2016-5323
CVE-2016-5323
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image.
Source: CVE-2016-5323
CVE-2016-5317
CVE-2016-5317
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
Source: CVE-2016-5317
CVE-2016-9436
CVE-2016-9436
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Source: CVE-2016-9436
CVE-2014-2045
CVE-2014-2045
Multiple cross-site scripting (XSS) vulnerabilities in the ‘old’ and ‘new’ interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
Source: CVE-2014-2045
CVE-2016-6253
CVE-2016-6253
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
Source: CVE-2016-6253