Vulnerabilities > NIH
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-02 | CVE-2018-16718 | Cross-site Scripting vulnerability in NIH Ncbi Toolbox 2.0.7/2.2.26 An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. | 4.3 |
| 2019-05-02 | CVE-2018-16717 | Out-of-bounds Write vulnerability in NIH Ncbi Toolbox 2.0.7/2.2.26 A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. | 7.5 |
| 2019-05-02 | CVE-2018-16716 | Path Traversal vulnerability in NIH Ncbi Toolbox 2.0.7/2.2.26 A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. | 7.5 |
| 2012-07-12 | CVE-2012-1163 | Numeric Errors vulnerability in NIH Libzip 0.10 Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. | 6.8 |
| 2012-07-12 | CVE-2012-1162 | Buffer Errors vulnerability in NIH Libzip 0.10 Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." | 7.5 |