
CVE-2018-16718
https://notcve.org/view.php?id=CVE-2018-16718
02 May 2019 — An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox via a crafted -z1 argument. • https://github.com/grymer/CVE/blob/master/CVE-2018-16718.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-16717
https://notcve.org/view.php?id=CVE-2018-16717
02 May 2019 — A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox. • https://github.com/grymer/CVE/blob/master/CVE-2018-16717.md • CWE-787: Out-of-bounds Write

CVE-2018-16716
https://notcve.org/view.php?id=CVE-2018-16716
02 May 2019 — A path traversal vulnerability exists in viewcgi.c in the 2.0.7 through 2.2.26 legacy versions of the NCBI ToolBox, which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. • https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-2331 – HP Security Bulletin HPSBUX03337 SSRT102066 1
https://notcve.org/view.php?id=CVE-2015-2331
23 Mar 2015 — Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 • CWE-189: Numeric Errors

CVE-2012-1162 – Mandriva Linux Security Advisory 2012-034
https://notcve.org/view.php?id=CVE-2012-1162
23 Mar 2012 — Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." • http://nih.at/listarchive/libzip-discuss/msg00252.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-1163 – Mandriva Linux Security Advisory 2012-034
https://notcve.org/view.php?id=CVE-2012-1163
23 Mar 2012 — Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. • http://nih.at/listarchive/libzip-discuss/msg00252.html • CWE-189: Numeric Errors