Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-05-13 CVE-2014-9762 Improper Input Validation vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
network
low complexity
enlightenment debian CWE-20
7.5
7.5
2016-05-13 CVE-2011-5326 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
network
low complexity
debian enlightenment CWE-189
7.5
7.5
2016-05-13 CVE-2016-2850 Improper Input Validation vulnerability in multiple products
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
network
low complexity
fedoraproject botan-project CWE-20
7.5
7.5
2016-05-13 CVE-2016-2849 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
network
low complexity
debian fedoraproject botan-project CWE-200
7.5
7.5
2016-05-13 CVE-2016-2194 Improper Input Validation vulnerability in multiple products
The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a composite modulus.
network
low complexity
debian botan-project CWE-20
7.5
7.5
2016-05-13 CVE-2015-7827 Information Exposure vulnerability in multiple products
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding.
network
low complexity
fedoraproject botan-project debian CWE-200
7.5
7.5
2016-05-13 CVE-2015-5727 Resource Management Errors vulnerability in multiple products
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field.
network
low complexity
botan-project debian CWE-399
7.5
7.5
2016-05-13 CVE-2015-5726 Improper Input Validation vulnerability in multiple products
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data.
network
low complexity
botan-project debian CWE-20
7.5
7.5
2016-05-13 CVE-2014-9742 Cryptographic Issues vulnerability in Botan Project Botan
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
network
low complexity
botan-project CWE-310
7.5
7.5
2016-05-12 CVE-2016-1393 SQL Injection vulnerability in Cisco Cloud Network Automation Provisioner 1.0/1.1
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
network
low complexity
cisco CWE-89
7.1
7.1