| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources. |
| Off-by-one error in magick/cache.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors. |
| A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. |
| libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
| Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection. |
| In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. |
| rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. |
| The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. |
| game-music-emu before 0.6.1 mishandles unspecified integer values. |
| libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
| libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
| libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. |
| OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. |
| B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. |
| The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. |
| Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. |
| Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. |
| In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. |
| magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. |
| Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. |
