CVE-2016-5316
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
Source: CVE-2016-5316
[월:] 2017년 01월
CVE-2016-9435
CVE-2016-9435
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Source: CVE-2016-9435
CVE-2016-5321
CVE-2016-5321
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers tocause a denial of service (invalid read and crash) via a crafted tiff image.
Source: CVE-2016-5321
CVE-2016-5318
CVE-2016-5318
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
Source: CVE-2016-5318
CVE-2014-9754
CVE-2014-9754
The hardware VPN client in Viprinet MultichannelVPN Router 300 verison 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack.
Source: CVE-2014-9754
CVE-2014-9755
CVE-2014-9755
The hardware VPN client in Viprinet MultichannelVPN Router 300 verison 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint’s SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack.
Source: CVE-2014-9755
CVE-2016-5014 (moodle)
CVE-2016-5014 (moodle)
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
Source: CVE-2016-5014 (moodle)
CVE-2016-7038 (moodle)
CVE-2016-7038 (moodle)
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
Source: CVE-2016-7038 (moodle)
CVE-2016-5013 (moodle)
CVE-2016-5013 (moodle)
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
Source: CVE-2016-5013 (moodle)
CVE-2016-8642 (moodle)
CVE-2016-8642 (moodle)
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
Source: CVE-2016-8642 (moodle)