Lucene search
+L

99 matches found

NVD
NVD
added 2018/07/23 11:29 p.m.23 views

CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

5.5CVSS5.6AI score0.06394EPSS
Exploits0References1
Prion
Prion
added 2018/07/23 11:29 p.m.17 views

Directory traversal

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

2.1CVSS5.7AI score0.06394EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/23 11:0 p.m.22 views

CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

5.7AI score0.06394EPSS
Exploits0References1
CVE
CVE
added 2018/07/23 11:0 p.m.50 views

CVE-2018-14573

The vulnerability CVE-2018-14573 affects TightRope Media Carousel Digital Signage before 7.3.5. It is a Local File Inclusion (LFI) in the Web Interface API’s RenderingFetch function, exploitable via directory traversal sequences (CSL-1683) to download arbitrary files. Impact is stated as Partial ...

5.5CVSS5.6AI score0.06394EPSS
Exploits0References1Affected Software1
Apple
Apple
added 2017/06/10 11:47 a.m.53 views

About the security content of iTunes 12.4.2 for Windows - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

10CVSS1.4AI score0.1398EPSS
Exploits3Affected Software1
Veracode
Veracode
added 2017/05/17 7:6 a.m.35 views

Copy-Paste Vulnerability (CPV) Through Libxslt

nokogiri has a copied version of the libxslt library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-1683 - Denial of Service DoS via an out-of-bounds heap memory access. This is caused by libxslt mishandling namespace nodes leading to out-of-bounds heap memory...

8.1AI score0.02142EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2016/07/22 2:59 a.m.4 views

CVE-2016-4612

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...

7.5CVSS6.7AI score0.02142EPSS
Exploits0References1
Prion
Prion
added 2016/07/22 2:59 a.m.26 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...

8.5AI score0.02142EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/07/22 2:59 a.m.1 views

CVE-2016-4612

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.8AI score
Exploits0References13
OSV
OSV
added 2016/07/22 2:59 a.m.3 views

UBUNTU-CVE-2016-4612

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1683. Reason: This candidate is a reservation duplicate of CVE-2016-1683. Notes: All CVE users should reference CVE-2016-1683 instead of this candidate. All references and descriptions in this candidate have been removed to...

6.7AI score
Exploits0References14
CVE
CVE
added 2016/07/22 1:0 a.m.76 views

CVE-2016-4612

CVE-2016-4612 is a reserved/duplicate entry and is not used.

8.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/06/21 12:0 a.m.33 views

FreeBSD : libxslt -- Denial of Service (1a2aa04f-3718-11e6-b3c8-14dae9d210b8)

Google reports : - 583156 Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire. - 583171 Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5CVSS8AI score0.02142EPSS
Exploits0References4
Debian
Debian
added 2016/06/19 5:0 a.m.40 views

[SECURITY] [DSA 3605-1] libxslt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3605-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq -...

5.1CVSS1.4AI score0.04156EPSS
Exploits1
Debian
Debian
added 2016/06/19 5:0 a.m.45 views

[SECURITY] [DSA 3605-1] libxslt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3605-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 19, 2016 https://www.debian.org/security/faq -...

7.5CVSS8.3AI score0.04156EPSS
Exploits1
Debian
Debian
added 2016/06/12 9:50 p.m.45 views

[SECURITY] [DLA 514-1] libxslt security update

Package : libxslt Version : 1.1.26-14.1+deb7u1 CVE ID : CVE-2015-7995 CVE-2016-1683 CVE-2016-1684 Several vulnerabilities were found in libxslt. CVE-2015-7995 A missing type check could cause an application crash via a especially crafted file. CVE-2016-1683 An out of bounds heap access bug was...

7.5CVSS8.7AI score0.04156EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/06/06 3:26 p.m.85 views

USN-2992-1: Oxide vulnerabilities

An unspecified security issue was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-1673 An issue was discovered with Document reattachment in Blink in some circumstances. ...

8.8CVSS7.5AI score0.03094EPSS
Exploits3
NVD
NVD
added 2016/06/05 11:59 p.m.18 views

CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service out-of-bounds heap memory access or possibly have unspecified other impact via a crafted document...

7.5CVSS8.2AI score0.02142EPSS
Exploits0References27
OSV
OSV
added 2016/06/05 11:59 p.m.7 views

CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service out-of-bounds heap memory access or possibly have unspecified other impact via a crafted document...

7.5CVSS7.9AI score
Exploits0References27
CVE
CVE
added 2016/06/05 11:0 p.m.142 views

CVE-2016-1683

CVE-2016-1683 affects libxslt prior to 1.1.29, as used in Google Chrome before 51.0.2704.63. The issue arises from numbers.c in libxslt, where namespace nodes are mishandled, enabling a remote attacker to trigger out-of-bounds heap memory access and cause a denial of service (with potential unspe...

7.5CVSS8.1AI score0.02142EPSS
Exploits0References27Affected Software1
Check Point Advisories
Check Point Advisories
added 2015/10/27 12:0 a.m.18 views

Microsoft Office File Modification Password Use After Free (MS15-046; CVE-2015-1683)

A use-after-free vulnerability exists in Microsoft Office 2007. The vulnerability is due to problematic code that parses Office documents with modification password protection. A remote attacker could exploit this vulnerability by enticing a user to open a crafted Office document. Successful...

9.3CVSS7AI score0.13601EPSS
Exploits0
Rows per page
Query Builder