Shodan
Vulnerabilities
Vulnerable Software
Canonical:  Security Vulnerabilities
CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
CVSS Score
5.0
EPSS Score
0.027
Published
2015-09-14
CVE-2015-5200
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
CVSS Score
6.3
EPSS Score
0.0
Published
2015-09-08
CVE-2015-5199
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
CVSS Score
7.2
EPSS Score
0.0
Published
2015-09-08
CVE-2015-5198
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
CVSS Score
7.2
EPSS Score
0.0
Published
2015-09-08
CVE-2015-6826
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-09-06
CVE-2015-6824
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-09-06
CVE-2015-6820
The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-09-06
CVE-2015-6818
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-09-06
CVE-2015-3308
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
CVSS Score
7.5
EPSS Score
0.014
Published
2015-09-02
CVE-2015-6727
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
CVSS Score
5.0
EPSS Score
0.006
Published
2015-09-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved