99 matches found
CVE-2018-14573
A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...
Directory traversal
A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...
CVE-2018-14573
A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...
CVE-2018-14573
The vulnerability CVE-2018-14573 affects TightRope Media Carousel Digital Signage before 7.3.5. It is a Local File Inclusion (LFI) in the Web Interface API’s RenderingFetch function, exploitable via directory traversal sequences (CSL-1683) to download arbitrary files. Impact is stated as Partial ...
About the security content of iTunes 12.4.2 for Windows - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Copy-Paste Vulnerability (CPV) Through Libxslt
nokogiri has a copied version of the libxslt library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-1683 - Denial of Service DoS via an out-of-bounds heap memory access. This is caused by libxslt mishandling namespace nodes leading to out-of-bounds heap memory...
CVE-2016-4612
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...
CVE-2016-4612
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...
UBUNTU-CVE-2016-4612
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...
CVE-2016-4612
CVE-2016-4612 is a reserved/duplicate entry and is not used.
FreeBSD : libxslt -- Denial of Service (1a2aa04f-3718-11e6-b3c8-14dae9d210b8)
Google reports : - 583156 Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. - 583171 Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 3605-1] libxslt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3605-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3605-1] libxslt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3605-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 514-1] libxslt security update
Package : libxslt Version : 1.1.26-14.1+deb7u1 CVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 Several vulnerabilities were found in libxslt. CVE-2015-7995 A missing type check could cause an application crash via a especially crafted file. CVE-2016-1683 An out of bounds heap access bug was...
USN-2992-1: Oxide vulnerabilities
An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-1673 An issue was discovered with Document reattachment in Blink in some circumstances. ...
CVE-2016-1683
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service out-of-bounds heap memory access or possibly have unspecified other impact via a crafted document...
CVE-2016-1683
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service out-of-bounds heap memory access or possibly have unspecified other impact via a crafted document...
CVE-2016-1683
CVE-2016-1683 affects libxslt prior to 1.1.29, as used in Google Chrome before 51.0.2704.63. The issue arises from numbers.c in libxslt, where namespace nodes are mishandled, enabling a remote attacker to trigger out-of-bounds heap memory access and cause a denial of service (with potential unspe...
Microsoft Office File Modification Password Use After Free (MS15-046; CVE-2015-1683)
A use-after-free vulnerability exists in Microsoft Office 2007. The vulnerability is due to problematic code that parses Office documents with modification password protection. A remote attacker could exploit this vulnerability by enticing a user to open a crafted Office document. Successful...